Difference between 32-bit and 64-bit

What is Bits?
The number of bits in a processor refers to the size of the data types that it handles and the size of its registry.

What is 32 Bit ?
In computer architecture, 32-bit integers, memory addresses, or other data units are those that are at most 32 bits (4 octets) wide. Also, 32-bit CPU and ALU architectures are those that are based on registers, address buses, or data buses of that size. 32-bit is also a term given to a generation of microcomputers in which 32-bit microprocessors are the norm.


What is 64 Bit ?
In computer architecture, 64-bit computing is the use of processors that have datapath widths, integer size, and memory addresses widths of 64 bits (eight octets). Also, 64-bit CPU and ALU architectures are those that are based on registers, address buses, or data buses of that size. From the software perspective, 64-bit computing means the use of code with 64-bit virtual memory addresses.

What is the difference between 32-bit and 64-bit ?
In computing, 32-bit and 64-bit are two different types of processors. The bit number (usually 8, 16, 32, or 64) refers to how much memory a processor can access from the CPU register.
64-bit processors are capable of twice the number of computations per second of a 32-bit processor. It means 64-bit has capability to perform more faster than 32-bit. Now a days All manufactures developing their own products based on 64-bit So you can say 64-bit will be a future of computer but there are many software programs which doesn't support a 64-bit OS. They are upgrading there services soon we will see how 64-bit performing in every home, office and other places. It is important to note that 64-bit computers can still use 32-bit based software programs, even when the Windows operating system is a 64-bit version.
One more difference between 32 bit and 64 bit that is the maximum amount of memory (RAM) that is supported. 32-bit computers support a maximum of 3-4 GB of memory, whereas a 64-bit computer can support memory amounts over 4 GB. This is important for software programs that are used for graphical design, engineering design or video editing, where many calculations are performed to render images, drawings, and video footage.
64-bit processors are becoming more and more common place in home computers. Most manufacturers build computers with 64-bit processors due to cheaper prices and because more users are now using 64-bit operating systems and programs. Computer parts retailers are offering fewer and fewer 32-bit processors and soon may not offer any at all.
At the end I want to say if you are planning to purchase a new Operating system get a 64-bit architecture system otherwise soon you will trash it as well if our system has more than 4 GB RAM then start using 64-bit system right now for getting benefit and experience the speed.  

Like it ? Share it.

Top 5 Free Vulnerabilities Scanner Tool

I have seen People ask How to hack website without any basic knowledge about hacking. You should know how hacks work - If you want to hack anything in this world you have to find out their weakness and then try to exploit them. Web site security is very important because the website contain relevant information about a company and now a days website defacement is very common even a script kiddies and a new born hackers can do this. The most common vulnerability like SQL-Injection and cross site scripting lead towards the defacement. So you want to secure your web application than find vulnerabilities on it before a hacker find it.


Below are Top tools for finding vulnerabilities :

1. W3AF -  w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. This cross-platform tool is available in all of the popular operating systems such as Microsoft Windows, Linux, Mac OS X, FreeBSD and OpenBSD and is written in the Python programming language. Users have the choice between a graphic user interface and a command-line interface. w3af identifies most web application vulnerabilities using more than 130 plug-ins. After identification, vulnerabilities like (blind) SQL injections, OS commanding, remote file inclusions (PHP), cross-site scripting (XSS), and unsafe file uploads, can be exploited in order to gain different types of access to the remote system.

How to use w3af


2. Vega - Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.
Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. It is available on Kali Linux and Backtrack.

How to use Vega

3. Nikto - Nikto is one of the most popular web security application when you are beginning a web pentesting project. Nikto is a web application scanning tool that searches for misconfigurations, openly accessible web directories and a host of web application vulnerabilities. This is available on the famous Linux distribution like Kali Linux, Backtrack, Gnacktrack, Backbox and others.

How to use Nikto 

4. Zed Attack Proxy (ZAP) - OWASP or Open Web Application Security Project is a non profit organisation world wide that are focusing on improving the security of web application. The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It has an automatic scanning functionality and it has a set of tools that allow you to find vulnerability manually.

5. Skipfish - Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments. 

Like it ? Share it.

Kali Linux Fun

1. Enjoy a little story of star war
Syntax – telnet towel.blinkenlights.nl

(Click image for large view)

2. Factor - This command will show you factors of a given number as output. Open Terminal, type factor and Press Enter. Then write your number (Ex – 6) and Press Enter.

3. rev - It reverses every string given to it. Open Terminal type rev and Press Enter. Then type your word or sentence (Ex – mrquiety) and Press Enter.   

4. yes – This command repeats the given word. If you want to stop Press Ctrl + C.

Syntax – yes Merry Christmas

5. Open terminal, type apt-get moo and Press Enter.

(Click image for large view)

Like it ? Share it.

The Hacker's theory

What is Hacking - Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose. The person who is consistently engaging in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a hacker.

Computer hacking is the most popular form of hacking nowadays, especially in the field of computer security, but hacking exists in many other forms, such as phone hacking, brain hacking, etc. and it's not limited to either of them.

Who is Hacker - A Hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge.

Type of Hackers:

White Hat - A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software. The term "white hat" in Internet slang refers to an ethical hacker. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement. The EC-Council, also known as the International Council of Electronic Commerce Consultants, is one of those organizations that have developed certifications, course-ware, classes, and online training covering the diverse arena of Ethical Hacking.

Grey Hat - A grey hat hacker is a combination of a black hat and a white hat hacker. A grey hat hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. Then they may offer to correct the defect for a fee.

Black Hat - A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain". Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network. Black hat hackers also are referred to as the "crackers" within the security industry and by modern programmers. Crackers keep the awareness of the vulnerabilities to themselves and do not notify the general public or manufacturer for patches to be applied. Individual freedom and accessibility is promoted over privacy and security. Once they have gained control over a system, they may apply patches or fixes to the system only to keep their reigning control.

Basic Requirement:

• Knowledge of Networking
• Ethical Hacking Certification (This will make you a Certified Ethical Hacker)
• Programming Knowledge 
• Read and Learn
• Practice as much as you can

What is Exploits - Exploit is an attack on a computer system, especially one that takes advantage of a particular vulnerability that the system offers to intruders. Used as a verb, the term refers to the act of successfully making such an attack.

What is Vulnerability - In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.

What is Bug - A bug is an error, flaw, failure, or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. Most bugs arise from mistakes and errors made by people in either a program's source code or its design, or in frameworks and operating systems used by such programs, and a few are caused by compilers producing incorrect code. A program that contains a large number of bugs, and/or bugs that seriously interfere with its functionality, is said to be buggy. Reports detailing bugs in a program are commonly known as bug reports, defect reports, fault reports, problem reports, trouble reports, change requests, and so forth.

Like it ? Share it.

Steam Locomotive in Kali Linux

Sl (Steam Locomotive) – sl display animations aimed to correct users who accidentally enter sl instead of ls.

1. How to Install – Open terminal, type apt-get install sl and Press Enter.

(Click Image for large view)

2. An accident seems to happen. You’ll feel pity for people who cry for help.
Syntax - /usr/games/sl -a

2A. If you logged in as an user (not root) then command syntax will be change.
Ex : hell@MrQuiety:/root$ sl –a

3. This commands shows little steam locomotive.
Syntax - /usr/games/sl –l

4. In this example you will see a steam locomotive is flying on your terminal.
Syntax - /usr/games/sl -F

5. You can interrupt this steam locomotive by pressing Ctrl + C
Syntax - /usr/games/sl -e

6. This is really an awesome just run the command and see the magic.
Syntax - /usr/games/sl –h

(Click Image for large view)

Like it ? Share it.

How to Hack Facebook Account

How to Hack Facebook Account or How to Hack Email ID ?
As you all know that Facebook is one of the top most secure social network website running at present. Many people want to hack others facebook account and the reason behind hacking profile God Know.
I am going to explain you some facebook account hacking technique. It is not only for hacking facebook account. These methods can be use also for other social website twitter linkedin as well gmail, yahoomail, hotmail etc..
Note - This is only for educational purpose.

Below are most useful techniques :

1. Phishing - This is one of the most easiest, oldest and common methods for hacking facebook account now a days. As the name sounds ,just like in fishing where the fisherman puts a bait at the hook, pretending to be a real food for the fish and the fish falls into the trap set by the fisherman as the hook inside it catches the fish . Similarly , in this method the hacker creates the Fake Facebook Login page and uploads the page in any of his hosting accounts.Now he asks the victim to check out the link to his new Facebook group , when the victim opens the link , he is redirected to the hackers Fake Facebook Login page. Just as usual the victim finds this page as normal login page and types his account details in the username and password fields and clicks on log-in and the victims account details is stored in the hackers database .Thus the victim’s Facebook account is hacked.

2. Keylogger and RAT's - Keylogger is a computer software that is used to record keystrokes from your keyboard secretly. If your keylogger have some great features like capturing image, chat history capturing, email recording etc.. then it will be more beneficial for a hacker. SniperSpy and Elite Keylogger are some type of keylogger which have great feature but these are not Freeware. Keylogging becomes more easy if you have physical access to victim computer as only thing you have to do is install a keylogger into your destination so that it will send all recorded keystrokes to pointed destination. If you want to send it online then there are some methods for example you can upload it in any file hosting website and send the download link to your victim. Of course your victim will not going to download an unknow program or software so you have to use some social engineeing on this stage. You can trap him by saying "Hey download this full version IDM" or something like this.

3. Cookie Stealing - A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity.Cookies were designed to be a reliable mechanism for websites to remember stateful information or to record the user's browsing activity.

There are some cases for using this technique:

• Using cookie stealing is that ,you don’t get your victims password or username through this technique. Rather you just steal the victims cookie stored in his/her browser and edit it in your browser so that you can use features that the victim can use when he is online.
• Your access to victims account closes as soon as he/she logout from his account.
• You must have same ip address as that of the victim as with the latest security measures from Facebook asks to enter the password when it suspects an access to the account from unknown devices.

Stealing Cookies You need some Tools:

• Cookie Capturing Tool
• Cookie Injecting/Editing tool

There is a problem using this method is facebook always use https and this will work when your user has http in your address bar but there is way when your victim plays games etc that time facebook https converted into http. 

4. Social Engineering or Guessing Passwords - Social engineering is method of retrieving password or Guessing the password or answer of security question simply be hacking some information about the victim or simply gathering his information from his own Facebook and other social networking profiles where most of users provide their critical information just for fashion and doesn't know its consequences.

You can also use this technique by sending fake mail/Call showing your fake identity to the victim and asking him to send his password to your mail/on call.

Many people use these things as his password so you can give a try:

1. Mobile number or Their girlfriend/boyfriend mobile number.

2. Their Girlfriend/boyfriend names or their own names concatenating with their Girlfriend/boyfriend names.

3. Date of birth

4. Vehicle Number

4. Favorite movie's name, Tv serial name etc.

5. Most website ask password should be alphanumeric so users just simply fill 1,2,3 in their normal passwords and some more smart guys adds !,@,# in their passwords. 

This was an introduction about facebook account hacking methods. I will sure make separate tutorials on each method.

Note- There are No Tools or Software for hacking facebook account or any Email IDs so beware if someone is saying you anything like that. That's a big Rat-Trap.

Like it ? Share it.

Local Exploit

An Exploit (from the verb to exploit, in the meaning of using something to one’s own advantage) is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). Such behavior frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial-of-service attack.

Classification

A 'local exploit' requires prior access to the vulnerable system and usually increases the privileges of the person running the exploit past those granted by the system administrator.
Exploits against client applications also exist, usually consisting of modified servers that send an exploit if accessed with client application. Exploits against client applications may also require some interaction with the user and thus may be used in combination with social engineering method. Another classification is by the action against vulnerable system: unauthorized data access, arbitrary code execution, denial of service.


Many exploits are designed to provide superuser-level access to a computer system. However, it is also possible to use several exploits, first to gain low-level access, then to escalate privileges repeatedly until one reaches root.

Normally a single exploit can only take advantage of a specific software vulnerability. Often, when an exploit is published, the vulnerability is fixed through a patch and the exploit becomes obsolete for newer versions of the software. This is the reason why some blackhat hackers do not publish their exploits but keep them private to themselves or other hackers. Such exploits are referred to as 'zero day exploits' and to obtain access to such exploits is the primary desire of unskilled attackers, often nicknamed script kiddies.

Local Exploit

A local exploit is a vulnerability in a Linux system that allows an ordinary user to gain root privileges by performing a certain sequence of actions. Generally these exploits occur when a privileged application contains a bug which does not perform sufficient checks on the user before executing a command with root access.
Local exploits do not by themselves allow intruders into the system, since an ordinary user account is needed first. However it is often possible to gain this user access to a system if a password policy is not enforced or if the system provide user accounts as a service, for example web hosting servers.

Local and remote are not enough. There are also "local" problems where the data is coming from a remote server. Email clients, web browsers, etc. are run by the user, as the user, but they process untrusted data. So I see it something like (from highest to lowest severity):

• remotely exploitable server
• remotely exploitable client
• locally exploitable server running as root or system user
• locally exploitable server running as the user
• locally exploitable client or non-networked program (suid/sgid)
• often-used directly or in scripts, locally exploitable client or non-networked program (non-suid, non-sgid)
• rarely-used directory or in scripts, locally exploitable client or non-networked program (non-suid, non-sgid)

Not all exploits are the same. Many allow running arbitrary code. But some only allow reading or deleting files. Futhermore you have to take DoS attacks into account.

• arbitrary execution as root
• file or memory viewing as root
• file deletion or modification as root
• arbitrary execution as a system user
• file or memory viewing as a system user
• file deletion or modification as a system user
• arbitrary execution as a user
• file or memory viewing as a user
• file deletion or modification as a user
• system-wide denial of service (crash, lockup, etc.)
• permanent (until manual intervention) remotely visible denial of service
• temporary remotely visible denial of service
• partial remotely visible denial of service (performance impact only)
• other permanent (until manual intervention) denial of service
• other temporary denial of service
• other partial denial of service (performance impact only)

Like it ? Share it.