#cybersecurity
@glossy basalt What are you hashing?
lines of log text as a tamper-check
Tamper check?
Seems strange to be using MD5 for something like that, as opposed to SELinux + Zeek/Snort
Since it's file-based and not, for example, hardware-based
another option if you wanted to do file integrity checking is Tripwire
the community edition, not the business one.
lets you build a selection of file hashes of system / user files and store them
then run periodic scans to see if the file hashes have changed
writing a config for it can be a bit of a pain, the default will just snaffle up nearly the entire OS file structure
which makes reports really fucking messy
huh, interesting. just seen a logwatch entry where someone tried to craft a ~2000 character URL request to a WP site o_O
```
/?wpv-image=..%2Fwp-config.php/?wpv-image=../wp-config.php/wp-content/themes/uncode/download.php?download_file=../../../wp-config.php/wp-admin/edit.php?post_type=wd_ads_ads&export=export_csv&path=../wp-config.php/wp-admin/admin-ajax.php?action=...
```
etc etc
looks like it tries to loop through like 12 different plugins \ themes
end goal is to download wp-config.php
YES BUT WHAT DO YOU DO
?!
it's weird to get sales calls where the rep isn't even sure what they're trying to sell you o_O
yeah this all seems like a sales pitch for a whole lotta nonsense
it just seems like an end point agent that monitors known persistence points
I want to get into ethical hacking, what tips do you have for me?
Like habits, os, vpn, vm, tools, sources
So I'm pretty new to security stuff, because I normally don't work with it. Though I was interested in making a messaging app and wanted to know how authentication, encrypting messages, storing messages, storing security info, and sending messages from client -> server should be done, and what tools and steps I should really be taking
python? 
i also did want to add a couple of my own things like emotes like in discord and other stuff
Signal has attachment/emoji/sticker support
well i did want to do my own stuff
k besides that
python support?
cus i only see those 3 langs
What are you wanting to add to it?
If it's not on their site, they don't have a Python library.
The specs for Double Ratchet, Sesame, XEdDSA/VXEdDSA, and X3DH are at https://signal.org/docs/ though
hm alright thanks
https://github.com/tgalal/python-axolotl exists, though it's third-party and hasn't seen a commit in nearly a year
Might be a good place to start, but I also haven't taken a look at the code quality.
maybe ill just test my kotlin skills with it
alright so the signal libraries they just do the encryption right?
is there a specific way I should be sending it over the server and how about authentication with the server, logging in, out, signing up and stuff
They do more than just encryption. I'd check out the README for the specific library you're looking at
The Java version appears to be the main one of theirs, so I'd start there. https://github.com/signalapp/libsignal-protocol-java#overview
Yeah but it's handling things only client-side
I'm talking about how I should be doing things server-side
https://github.com/signalapp/Signal-Server exists, but I don't believe Signal federates with other servers, unless that's changed.
I'm not sure what you're wanting to add/change, so I can't give much more help
guys, someone sent me a fishy link, can someone open it and see if it's a virus?
please don't send random links here that you might think are viruses
my bad sorry
not only is it a pretty shitty thing to do, it's against the discord ToS
Hi everyone. I’m new here and I have a question regarding solving Recaptcha V3 via Python. Would this be the right place?
@strange star Are you talking about automating it with a program/bot?
Because that would be against Google's ToS, and thus isn't something we'd want discussed here
I've always been interested in learning the hacking world. But every tutorial on the internet basically leads me to pre-made tools, which is something that I don't want.
In which way could I progress myself to get the ability to learn and create my own tools? What kind of way should I go through in order to achieve the required skills, learn how everything works, know the computer very well, etc.?
I already use computers daily and know a lot about them, much more than other people, but I still feel, and know, that I probably know only a tiny small part of this entire "system".
I would appreciate it if someone directed me to a good path, such as "first you must be able to code very well and understand the fundamentals of programming and know how to use them and then do bla bla"
at the end of the day tools are tools. people who work in the industry rely heavily on the tools made by others to perform their job.
being able to make tools is good, but it's also not really a requirement, if you see what i mean
I get it yeah
i'm not sure i can give you a specific direction
I mean I want to know this world
not just tools
like, learn this thing
get to know the term much better and how to do it on your own
I know that hacking is not sitting on a chair with a black hat and a cool screen
yeah, it's a pretty broad field so there's potentially a lot to learn
spamming the keyboard (although this is true xD)
so yeah I was wondering where I could begin
f.ex if you have no experience or knowledge of active directory or other structures you're going to have a hard time pen testing a corporate network
yeah that's the point. Was wondering where I could start having that knowledge so I can develop experience
like I gave myself a python project 2 days ago that is working now
it's actually pretty cool
well knowing how systems operate normally is a good step
and the nuances of those systems
networking / active directory sounds dull as shit to learn
but knowing how that stuff works is invaluable.
well
as long as it will lead me to what I want to do and interests me, it won't be dull as shit
good mentality :)
like yesterday I finished making this cool code
I wouldn't call it a tool that finds exploits
I had to find how the links of prnt.sc are made and the way images are uploaded
like it gives me links to tons of images
rn I have a total of 257 as I don't want to run it too much, it will block me out
but I was wondering how I could do so that it won't block me out without being slow
I could give a delay of 3-5 seconds
yeah, we can't help with that because it might potentially violate a terms of service or w/e
but that sort of tool you've written is the sort of kind of stuff someone might write
an admin on this server confirmed
to find something "hidden"
so it's a progress for a beginner already
as people are not really supposed to get these images
shit, there was a security professional who did nothing but scan the entire internet for open VNC connections
he wrote a script to compile a list of internet facing VNC's
then the script would log in and take a screen shot
that was his whole project, but it was super important in a lot of ways
highlighting just how much shit people dump on the internet
that's cool
like... municipal water supplies
like yeah I bet on ya people didn't read their privacy policy
and don't know that the images become public
oh damn
it can easily kill someone important
nah, piece of piss
it was a crucial piece of security work too.
such as shodan that can scan for exploited public ips of cameras and stuff
but idk I'm afraid I will do something illegal
that's the best position to take :D
I don't want to do illegal stuff, just to learn
I thought about it as my next project
right after this links generator
which works greatly
the more you learn the more you might get a grip on what is / isn't legal in your country.
also I think I'm up to something
the only problem with my current code is that it's kind of DDoSing
```python
import requests

def test_link(link):
    # Fetch the candidate prnt.sc URL with a custom user-agent.
    response = requests.get(link, headers={"user-agent": "Link Tester Bot"})
    # prnt.sc serves the same placeholder image for every URL with no upload,
    # so the link is "real" only if that placeholder is absent from the page.
    return (
        "//st.prntscr.com/2020/04/03/0204/img/0_173a7b_211be8ff.png"
        not in response.text
    )
```
like it runs on a loop
this link there is the image displayed on every link they have, no matter what, if an image wasn't uploaded to that link
this way I made it check which link is real or not
an admin said this thing is okay so you don't need to worry about helping
he said that my entire project is totally fine
haha but only one problem
the computer that will run it is in my room :/
imagine if it took 5 seconds for every link
there are 1.7B links
you really plan to test every link?
not so much of a problem then is it :D
yeah I know
but I thought to myself that this way, it could be not efficient
because imagine if I wanted access to something else, illegal
the more efficient you make it the more it becomes like a DoS
I can't just request for it
like if you threaded it and started hammering hundreds of links a minute
basically generating the links is one thing which is easy and I can generate billions no problem
the thing is, checking if they are real
like even 5 seconds for each link that exists is 8500000000 seconds
like it's literally hundreds of years
can get to thousands
but followed by my statistics my code is very successful
70% chances of finding the right link each time
technically there are other ways to make it efficient
that's what I'm interested in
rather than testing the generated links sequentially (assuming they're generated like 0 -> 10 like a list)
you could probably try something that takes a more uhhh
i don't want to say random, because it's not
trying to remember wtf it's called now, smh.
@thorn obsidian might know
pls give context
lol
okay so with a list of potentially valid items
where they may not sequentially be valid
like let's say you are given a list of many sets of numbers
is there a better test method than literally iterating through the full list
and some of them are a password
and you need to extract that password in a useful way
pretty sure i've read something about maths / statistics that can be used to improve odds by hopping around the list?
if the items are truly generated randomly, going sequentially will net the same average hitcount than other methods
usually 70% of success
makes sense
sounds backwards but thank maths
i just remember some thing from some talk i watched years ago about a similar but not quite the same topic
like every time I run it, it's actually successful
always more than a half are found
let's try to run it on 100 with a time.sleep(5)
while we are talking
what's the chances one of the URLs would be aaaaaa for example
I think
@lusty flare same as for any other link
a-z 1-9
no
their links are a-z 1-9
had to do some research to make it efficient
what, so, it always has one number?
36^6
oh yeah
look at the code
so, yeah, chances for a link to be aaaaaa is the same as f2evb1 or anything else
yeah
I know
yah
I don't take it as a coincidence
i'm trying to figure out if there's a way to make the list more efficient that's all
1.7b items is a large list
not without exploiting something else, unfortunately
they're only like 400m away from exhausting their address space
it's slow this way
:D
yeah lol
also, if you're generating the tested links randomly yourself, be sure to keep track of what links you've already generated (by reusing the seed and saving the index value). there might be a tiny chance you're going to generate a link you've already generated
did you see my code
sorry, can't read, illiterate
I made something like that
I think it's that part
nope
```python
try:
    # Load the links already found so far, one per line.
    with open("Links Database.txt", "r") as database:
        links = set(database.read().splitlines())
except FileNotFoundError:
    # No database yet; start with an empty set (assumed intent, the posted snippet ended here)
    links = set()
```
that
65/100 already yay
like
that's just you saving the links you've already found
so you may actually be re-testing ones you've found alive
but you will be retesting it
if you start over, the state will be lost
yeah
and you will eventually test links you've already tested
yeah if I could do a better way for that
I would be glad
like I can do that it will generate random links that are not inside the .txt
currently the txt has 265
let's see how high it gets once the current run is done
makes sense to not re-test something that already works
so a check on that would be efficient
:)
yeah but I'm not sure on how to do that
hmm
ohohh wait 95/100
it will take 20 more seconds now
the most efficient way would be still to just test sequentially, totally skipping generating random numbers yourself
hella faster, much easier to keep track of
let's see how many it found and discarded
i'd probably do it that way too xx
cover the entire space
damn
that's actually incredible
it has a 70% chance of finding a link
but what do you mean @thorn obsidian ?
about which part?
i have a funny feeling about your 70% figure...
sec, maths
yup
70% of 36^6 is around 1.5bn
they've used 70% of their address space
you're finding stuff 70% of the time
COINCIDENCE?
:O
don't forget 0
o_O
oh wait
it has 0
nvm
adding that now
2176782336 combinations
out of them 1.693 taken
~70%
yep
makes sense when you think about it
catch you later o/
Hi guys
Here is the code:
https://repl.it/repls/GleefulGlaringClasses
I am asking this again after 10h without success, I am really stuck and can't find a way to get through this
I have tried XORing as well, but that doesn't seem to be the case here.
What I am doing:
I have the offsets [1, 3, 5, 7, 9] & the key ['X', 'Y', 'Z']
What I have done so far is insert 'X' @ offset '1' of original data and print it as Obfuscated data
> What I want is to insert 'X' @ offset '1' of line 1
> insert 'Y' @ offset '3' of line 2
> insert 'Z' @ offset '5' of line 3
* now my key ['X', 'Y', 'Z'] becomes ['Y', 'Z', 'X']
> insert 'Y' @ offset '7' of line 4
> insert 'Z' @ offset '9' of line 5
> insert 'X' @ offset '1' of line 6
All I want is so simple in words, but I am not sure if it's possible, I've been trying for hours
I recorded the steps 4 times and I still can't find a way around this
I want to insert one character in each specified offset of each line of a file
In here offsets won't change, they will be the same
But to just make guessing difficult, I am trying to change password after every 3 rounds or after every 3 lines being obfuscated
hell, i didn't get any answers in any help channels either, can anyone at least suggest some blog to me that covers something similar to this?
i've looked at your code and your explanation and i still have no idea what you're trying to do or what your issue is
Okay, I am going to simplify things as much as I can.
I have this file, data.txt:
aaaaaaaaaa
bbbbbbbbbb
cccccccccc
dddddddddd
I have a key: ['X', 'Y', 'Z']
I have offsets or let's say indexes: [1, 3, 5, 7, 9]
Now I want my tool to take 'X' from key and insert it @ offset or index 1:
First line of file data.txt: aaaaaaaaaa (len 11)
After inserting X @ offset 1:
aXaaaaaaaaa (len 12)
Here is how it's done in code:
>>> first_line = 'aaaaaaaaaa'
>>> listed = list(first_line)
>>> listed.insert(1, 'X')
>>> listed
['a', 'X', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a']
>>>
2: Now the next line:
key: ['X', 'Y', 'Z']
offsets: [1, 3, 5, 7, 9]
second line: bbbbbbbbbb
operation:
>>> second_line = 'bbbbbbbbbb'
>>> listed = list(second_line)
>>> listed.insert(3, 'Y')
>>> listed
['b', 'b', 'b', 'Y', 'b', 'b', 'b', 'b', 'b', 'b', 'b']
>>>
As you can see what I am doing is simple, now the letter I am inserting becomes 'Y' and its offset is 3
3:
similar operation, letter: Z, offset: 5
>>> third_line = 'cccccccccc'
>>> listed = list(third_line)
>>> listed.insert(5, 'Z')
>>> listed
['c', 'c', 'c', 'c', 'c', 'Z', 'c', 'c', 'c', 'c', 'c']
>>>
4:
offsets are same ([1, 3, 5, 7, 9]), they start where they left off last, or at offset '7'
however since XYZ is just 3 letters, they just change their place, like offset 1 in here comes first, offset 2 comes 2nd and offset 0 comes last:
YZX
operation:
>>> fourth_line = 'dddddddddd'
>>> listed = list(fourth_line)
>>> listed.insert(7, 'Y')
>>> listed
['d', 'd', 'd', 'd', 'd', 'd', 'd', 'Y', 'd', 'd', 'd']
>>>
and then ZYX
and then YXZ and so on...
@thorn obsidian
this is just part of a... let's say cipher model I am working on and started yesterday at this time, if I find a way to encode, I can use the same method to decode
Encoding/Decoding isn't the same as Encryption/Decryption or hashing
@obtuse harness What's your end goal? I'm trying to piece together what you're doing here
@thorn obsidian
The end goal is something like this:
I have a function to create a 10-len random character-set for each letter in a text:
['g'] == ['aaaaaaaaaa']
['o'] == ['bbbbbbbbbb']
['a'] == ['cccccccccc']
['l'] == ['dddddddddd']
['s'] == ['eeeeeeeeee']
now this file will be saved to config.txt, of course it's not all aaaaaaaaaa, its more like:
['g'] == ['0rijN7no1W']
['o'] == ['NpLGfeM2oh']
['a'] == ['THRrgaERuO']
['l'] == ['AffWnZ8gs1']
['s'] == ['Pzxs9Vw04i']
and then it will be changed to something like this:
['aXaaaaaaaaa']
['bbbbYbbbbbb']
['ccccccccZcc']
['ddddYdddddd']
['eeeeeZeeeee']
as you can see XYZ & then Y are getting set at offsets, i had explained above how it works
now the important part is this information will be randomized like this:
['ddddYdddddd']
['eeeeeZeeeee']
['aXaaaaaaaaa']
['bbbbYbbbbbb']
['ccccccccZcc']
now for anyone it will be very hard to understand which letter in a random character-set of size 11 is useless?
I will send the following to the other end, let's call it the client:
['ddddYdddddd']
['eeeeeZeeeee']
['aXaaaaaaaaa']
['bbbbYbbbbbb']
['ccccccccZcc']
the client won't get config.txt, it will be with me, but they will get decoder.py
now the only way to decode stuff is when you have a password like XYZ-13579
where XYZ represents characters & 13579 represents offsets
the client will need the password to sort the randomized data & send it back to the server, the data after sorting will become like the one stored in config.txt file:
['aaaaaaaaaa']
['bbbbbbbbbb']
['cccccccccc']
['dddddddddd']
['eeeeeeeeee']
as you can see XYZ at their offsets are now gone and data is sorted, this is simple, the first letter is X and offset is 1, so decoder will search where is X and where its on offset 1 and call it the first char-set
and then if everything is correct, then the user will get meaning for each 10-len character-sets
I will call it a cipher, I shouldn't have used the word obfuscation tho
@obtuse harness are you trying to create a substitution box?
@viscid cedar
not exactly substitution, I am not trying to replace one thing with another, what I am doing is inserting chars at offsets
anyone know how to fix a .pyc file missing magic number at beginning? was originally made with pyinstaller and main file won't decompile without it
I think I just need to get the magic number for 3.8.2 and insert it at the beginning of the file
because I know it was made on either 3.8 or 3.7
I don't have the original py files 😦
nvm fixed
@thorn obsidian How'd you fix it?
looking around the other files in the unpack and pulling the first few bytes from them
realized i needed to copy 16 bytes and not 8
👍 Appreciate you telling us how you did it. Someone in the future might run into the same issue you did, and we'll be able to help them now!
@obtuse harness so let me get that straight: you are trying to generate a replacement table from a pre-initialized matrix in which you perform inserts based on 2 vectors, one containing the inserted values, the other one the locations to insert at.
Correct?
@thorn obsidian I get that part but as I understand from the example provided that extended matrix would then be used to substitute for letters or letter groups
I take that from lines like
[g] == [aaaaaaaa]
Don't know how to do code highlighting on the phone. Sorry
@viscid cedar
I am performing addition with insert method of list, you can look it up if you want to and it inserts stuff, it doesn't substitute anything.
This is the final edit I have done, all I want is to automate this process
anyone wanna collab?
I have successfully encrypted a .txt file and I have the supposed key to said file, but I keep receiving a "MAC Check Failed" error. Would anyone know what this error means? I am using AES 256 GCM encryption. Here is the code and error as well so if you need to look more at the code then please ping me and let me know.
I'm doing this in Python as you can see so if I need to move to a different channel, I will.
@timid forge from what i understand, that means your tag isn't valid
I thought so too
Read more on the program and it could possibly be tampering with the program or maybe corrupted data
Not sure yet
I appreciate you though for helping out
you seem to be doing the basic pycryptodome AES tutorial in which case no, i do believe it's something you're doing incorrectly
Ah
What might you believe it to be?
If you need me to send you any more pictures of my code lmk
by read more, I meant that I read more lol
hm
can anyone help me with an ssh connection with pwntools?
Just trying to connect with
```python
from pwn import *

url = "ctf.example.com"        # placeholder host, not in the original message
password = "password-here"     # placeholder password, not in the original message

# Open an SSH session, then open a TCP connection to port 22 from that host
s = ssh(host=url, user='ctf', password=password)
r = s.remote(url, 22)
while True:
    print(r.recvline())
```
@timid forge pretty sure the tutorial is a bit old or off compared to what should be done. the way they have you read it is cutting off the tag and/or text at some point. this works just fine as an example:
```python
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes

key = get_random_bytes(16)
cipher = AES.new(key, AES.MODE_EAX)
# encrypt_and_digest returns the ciphertext and the authentication tag together
original_text, original_tag = cipher.encrypt_and_digest(b'example data')
# Everything the receiver needs besides the key: nonce, tag and ciphertext
store = {'nonce': cipher.nonce,
         'tag': original_tag,
         'text': original_text}
# A fresh cipher object with the same key and nonce verifies the tag before returning plaintext
decoder = AES.new(key, AES.MODE_EAX, store['nonce'])
print(decoder.decrypt_and_verify(store['text'], store['tag']))
```
in my own practice, my keys are stored on my VPS with my applications, usually in a permissions-locked database in postgres
Ah okay. Idk I read up on some articles that said their data is really outdated and that it needed updated, but I've asked around and no one has really helped me quite yet
VPS?
Virtual Private Server I assume?
yes.
Okay!
Might I ask if I could dm you later tonight when I'm able to test this code?
Or ping you here again?
If not then that is fine and I understand
sure but there may be no quick response
Okay that is fine
i'm usually either afk while my PC is working or with the wife
yw
@tired mica , what's the issue you're having with pwntools ssh?
this isn't rly a security question but I'm trying to install kali onto oracle vm
i did it on my other computer but on this one it's giving me this error-
anyone?
Don't think we can really answer that any better than Google could honestly
ight thx
@dense locust that only happened to me when I did not allocate enough space to my VM? Maybe that's the issue.
You're going to want about 20+GB iirc. 40 is the safer bet.
you can dynamically allocate it so it doesn't consume all of that on creation too
i like that error though
"The failing step is: it failed."
ikr
i made it dynamically allocated and gave it 10gb
so i dont know why it wasnt working
From their docs: "On the higher end, if you opt to install the default XFCE4 desktop and the kali-linux-default meta-package, you should really aim for at least 2048 MB of RAM and 20 GB of disk space."
Yeah 20.
@dense locust Installation Prerequisites
A minimum of 20 GB disk space for the Kali Linux install. RAM for i386 and amd64 architectures, minimum: 1GB, recommended: 2GB or more.
https://www.bleepingcomputer.com/news/security/windows-10-smbghost-rce-exploit-demoed-by-researchers/ another day, another wormable pre-authenticated SMB exploit
oh fuck sake
this season has been a fucking patching nightmare
i don't think i've had to audit / patch systems this frequently before
Welcome to Windows, which security flaw would you like today?
Everyday is Exploit Wednesday
I'd like some CVE-2020-0907 with a dash of CVE-2020-0910
@dense locust uhh use ethernet? that might help
they're using a VM
which generally creates a virtual ethernet connection regardless
twiddles thumbs
time to wait for the results of an audit and see how SMBoned we are.
lets see if patching actually took when i did this last month
Hey, would anyone happen to know if it is possible to change lets say, my google password through python on my desktop? I'm not trying to do anything malicious as it might sound; I'd just like to make my own password manager thingy without having to pay for Dashlane for example.
I'd be astounded if you could get that to work
Me too. Worth a try though, if not, I can make it randomly generate a string of 34 characters that I can tell it to regenerate and store when ever I want, that'd be easy. (That's what I've got already 🙂 )
Hmm, now I think about it. Companies normally send you an email with a link to change the password. That'd be a bit too much effort to somehow manage to get into my emails, open up an email and take the link with Python (with my knowledge at least).
no, there's no simple way to programmatically change your google password @hidden oak
I guess Dashlane just has good programmers xD
you'd have to treat it like a crazy web scraping exercise
Yeah, I saw something about scraping info in order to login, but changing password is a whole different thing.
exer... excer... exercise?
yeah
exercise.
i mean to change a password you need a LOT of interaction with things that aren't meant to be automated
google might even actively detect that
they're a bastard about most automation
I had a feeling that could 100% be an issue when doing something like what I was planning. I would definitely not enjoy having my account banned for some stupid reason I couldn't fathom.
Probably best for me to stay away from that lmao
yeah, automation like that is generally a bad idea
I can't think of a legitimate reason to automate changing a Google password
^
That just has questionable written all over it
The google stuff was just an example. I plan on (if I could in the first place) have it change most my things. I'd just like a button to click, if in some event I had to quickly change my password, I could generate a new one on the program and change it automatically, without having to go through the whole process manually . I do actually plan on making a type of auto login, or at least auto fill info feature for it as I think that's feasible.
I suspect that'll be quite difficult to have working on many sites
each site, unfortunately, has its quirks; or so it seems.
I use LastPass, a fancy-shmancy commercial password manager; and it does a lousy job just filling passwords; I wouldn't trust it to change my password.
And presumably they have a bunch of talented people who do that for a living
so forgive my pessimism, but I'd be very surprised if you could get something that worked reliably on many sites
Welp, I guess I can only hope. If I get it done on even one, I'll be satisfied. I don't mind if it doesn't work on all sites that I have an account on since I only really care about websites that I use a lot, which is quite a little amount.
in theory it shouldn't be any more than just filling in forms, but I suspect that many sites do javascript tricks that you'll have trouble with
but if you use selenium it should be doable
Noice 🙂
@olive lark Except, I wouldn't be surprised if that's against most of their terms of service
You don't need to change your password often ( I'd hope so, at least ), so it doesn't make much sense to automate it
Good point. I'm hella lazy though so meh. If it can be done with ease and isn't against TOS (which by the sounds of it, it isn't) I'll happily do it.
Greatly depends on the site on whether it's against their ToS. It would 100% be against Google's, for example.
i just started writing a module full of functions to protect your code against piracy and other things
I want to describe that some software downloads ciphertext which is Key1 encrypted by Key2, what is conventional way to write that? Is it Key1<subscript>Key2</subscript>?
@thorn harness How exactly is that supposed to work?
huh i just make all my stuff opensource so i don't have to protect it from piracy
"protecting" python code is something that crops up a lot
@thorn obsidian it isn't for production, it just checks for a file and python will throw an error and stop execution
i will change this in the future to a GPG key or licence key
nothing advanced yet
@thorn harness what's to stop me from just patching those checks out?
we haven't patched that, it was developed a couple of days ago
you could just comment out a check and you're done, no checks
we need to make a system that validates a licence key, all it looks for at the moment is a license.txt file
well, I have another thing I just found that uses pyCrypto
has anyone tried using themida?
@lusty flare yeah, at the end of the day it is just a module anyone can manipulate
but it's an idea that is still building
it's kind of tricky to protect python code.
yeah, unless we go and swap characters or encrypt files so they are unreadable
well a character swap is easy to get by
encryption, again, you'd need to provide the key to decrypt it
so i don't know how you'd hide that
yeah, but I am unsure how to validate a key
generate and validate, how could i do that?
regardless of what checks you put
they're written in python
so i can just edit them
exactly, unless we make some changes. Like exporting to a new format
the only way to seriously obfuscate your python code is to compile it into another form
or put a wrapper on it
py2exe binaries can be 'decompiled'
yeah, that's harder than just reading python code though
exactly, plus this has to be for linux
doesnt matiasb/unpy2exe do it
i have a way that gets a generated key file and will not execute the script if it does not exist
but then what would that do? nothing
I would probably have the main bulk of the program written in C/C++, no real 'decompiler' except IDA disassembly for that and there is a library for including python scripts (in c++)
perhaps C would work better
this is the code for the 'mechanism'
```python
import os
import sys
import logging
from datetime import datetime
from time import *

logging.basicConfig(filename="pyos.log", level=logging.INFO)
now = datetime.now()
current_time = now.strftime("%H:%M:%S")


def antipiracy():
    logging.warn("[" + current_time + "]" + ": this software utilises the EN_LICE_ULOCK mechanism")
    sleep(2)
    # The whole "check": open() raises FileNotFoundError if LICENSE.txt is absent, which stops the script
    f = open("LICENSE.txt", "r")
    sleep(2)
    logging.info("[" + current_time + "]" + ": anti-piracy test complete, execution starting...")
    sleep(2)
    logging.error("[" + current_time + "]" + ": if script has not run, then we have detected a bad apple")
    logging.critical("[" + current_time + "]" + ": required file has not been found, please get a copy for the script to run")
```
if it runs on a machine that the user controls, it can be cracked/bypassed
why do you have random sleeps in your code
that's uh
not good
i know, it pauses the code...
but why
also what even is any of this
you're not using .error() and .critical() correctly
its the worlds worst anti piracy module
you're just seeing if a file named LICENSE.txt is present
i know
which, btw, is probably not the name you want to use
because it usually has the contents of the project's open-source license
would it be better to replace everything with keys?
generated keys validated by python
because that's the only alternative i have so far
There is no real way to protect against piracy in pure Python unless you are a wizard
the only way you're realistically going to implement anti-piracy with python is if you move some of your logic to remote servers that the user does not have access to
this key-verifier uses pyCrypto
oh yeah 😐
I can just patch out the pyCrypto checks very trivially...
I have some tests here: https://glitch.com/edit/#!/join/21952e55-55ca-4716-b970-2a02ef2f5f31
goto rkeys/
yeah, cool, I can just replace def piracyprotect(): [...] with a def piracyprotect(): return True
actually, forget that
how on earth are you going to remove write access on my machine
if you want to make changes I'll let you
changes? no amount of code is going to help here
no, but then again...
you can test the code and see
okay, maybe i'll just scrap this...
Hi there. I was just wondering if someone would be able to tell me how much experience (months or years) I should have before learning about Cyber Security in Python.
I think learning about security best practices is a day one exercise
Also, doing any kind of cryptography on your own ( "rolling your own" ) is frowned upon. There are many packages that do what you want to do. Feel free to ask any security questions in here and we can try and point you in the right direction
I see. My main question is "What are some things I should learn in Python before I start learning about Cyber Security?"
I am only asking because I only have 5 months of experience with using Python.
And the best project I have done so far is making a discord bot.
Well, when you say cyber security, what are you referring to?
Things like prevention against CSRF/XSS/SQLi? Web app stuff?
Uh
I am not too familiar with what you just said, sorry. 😂
My main goal is to use Python to break into systems, and then repair the openings for bad people to not get in.
We can't assist with any kind of breaking into systems here
It does
Mostly because we have thousands of people on the server, and you never know the intention of other people. If you were to use something for legitimate purposes, that doesn't matter, because other people may wish to use that knowledge for less-than-legal purposes.
Oh, I get it.
Also, we're a partnered Discord server. So that changes the rules a bit.
That sounds about right.
I am just asking because when I grow older, I want to keep systems protected.
So I want to start young
In a general sense, or with Python projects?
wdym?
I mean, are you talking about security in the general sense
or are you talking about securing/protecting Python projects
No, I am talking about it generally
Ah, alright. So..
- Backups
Always
Also, make sure your backups are NOT connected to your system.
Yeah
If you have an external HDD/SDD, and you have it plugged into your computer, and you use it for backup, it's not backup.
Preferably, two. One off-site, physically.
If you do not mind me asking, are you a Cyber Security Expert?
So that way if your house burns down because of a meteor, you might be gone, but your data is still fine. 😄
lol
I have always thought about building a mini data center
Kinda like a DIY server rack
If that's what interests you, sure, go for it
But yeah, backups are necessary to anything.
Another thing is that if you feel like any of your devices are acting strange/slower than normal for any reason, and you can't point it down to anything, don't hesitate to do scans or reformat.
Also, if you are dealing with a compromised system, reformat, always.
Well, let me back up
?
In regards to compromised systems
It depends on what the system is
If it's your home computer, and you clicked a random link, then it probably doesn't matter and you should reformat
I never click on links without knowing what they are
But if there's anything important on the system, or it's a website with personal information, you don't want to reformat
What would you do in that case?
You want to remove the system from the internet
Also, you want to get as much as you can via forensics
True
Try not to shut the system off, either
True
Because then anything in RAM is gone
If it's disconnected from the internet.. ?
Well, you can never know for sure how their malware is setup
That is true
Could have a deadman's switch that shuts the system off if it's disconnected from the internet as well
Yeah
But being disconnected from the internet is the smarter move
I agree
A good idea is setting up a proper threat model
Which means?
- What information/data/files/etc do you have?
- How should you protect that information?
- Who are you protecting it from?
- What happens if this gets out?
Oh, yes
But yeah, there are a couple folks ( xx / bisk come to mind ) that hang around in here. If you have any questions, one of us are bound to answer.
👍 You're very welcome
You have been very helpful
Someone's trying to hack my server
I think that someone is sometimes trying to hack my server because I'm seeing a lot of suspicious requests
That look like trying to exploit
They have an account on your service?
Do the request paths match your static paths / routed paths.
@terse fiber Simply seeing questionable GET/POST requests doesn't mean they were successful
This hacker is making their own http requests
They're using all sorts of different paths
My game only accesses one path
I see attempts for /wpadmin and php all of the time
Which is hilarious, because I don't have PHP installed at all
If it's unspecific then it's probably a bot.
It might be a bot
If you can share some of your logs, we can get an idea if it's a bot or not
I'll share the logs in a few minutes
Alright, take your time
85.209.43.189 - - [27/Apr/2020 03:07:43] "GET / HTTP/1.0" 200 -
85.209.43.189 - - [27/Apr/2020 03:09:02] "GET /nmaplowercheck1587956941 HTTP/1.1" 404 -
85.209.43.189 - - [27/Apr/2020 03:09:02] "POST /sdk HTTP/1.1" 404 -
85.209.43.189 - - [27/Apr/2020 03:09:02] "GET / HTTP/1.0" 200 -
85.209.43.189 - - [27/Apr/2020 03:09:02] "GET /HNAP1 HTTP/1.1" 404 -
85.209.43.189 - - [27/Apr/2020 03:09:02] "GET /evox/about HTTP/1.1" 404 -
85.209.43.189 - - [27/Apr/2020 03:09:03] "GET / HTTP/1.0" 200 -
85.209.43.189 - - [27/Apr/2020 03:09:03] "GET / HTTP/1.1" 200 -
92.63.194.30 - - [27/Apr/2020 04:45:30] code 400, message Bad HTTP/0.9 request type ('\x03\x00\x00/*à\x00\x00\x00\x00\x00Cookie:')
92.63.194.30 - - [27/Apr/2020 04:45:30] "^C^@^@/*à^@^@^@^@^@Cookie: mstshash=Administr" HTTPStatus.BAD_REQUEST -
current server time is 27/Apr/2020 04:50:28
Do any of the paths match your routed ones.
i only have one routed one and none of these are
i only have one api route on my server
although / works its not a api route
That last one is using 'mstshash' which is used for RDP. He's not very bright if he's using an HTTP port.
I wouldn't worry, he's trying trivial stuff.
Bad chars, large post parameters that sort of thing.
If you are more concerned check over your code.
What really gets me is they're trying HTTP/1.0, HTTP/1.1 as well as HTTP/0.9
So yeah, that's a bot
it looks like 2 separate incidents to me
Bots regardless
I'd implement some Fail2Ban filters
Would be easy to do, since they're just jails with regex
is it normal for a bot to download a game, and scan the web request?
download a game?
i assumed that the only way to find my server was by downloading my game and sniffing the packets during interaction
unless they found a way to get it from the executables
nvm
They're random bots
Doesn't take long to scan the ipv4 internet
ipv6 might take longer 😄
looked up the ips. first is China-related and second is Russia-related
my bad i don't know these things
The IP origin doesn't mean much
Though, you won't find much linked from the U.S. when it comes to these bots. There are even NSA bots that won't originate from the U.S. because it's frowned upon to do so 😄
So it kind of all just looks like a bunch of random bots
haha ok
This hacker is making their own http requests
@terse fiber automated bots. Safe to ignore, but I recommend setting up fail2ban.
i assumed that the only way to find my server was by downloading my game and sniffing the packets during interaction
@terse fiber There are many ways to find webservers. There are tools which scan the entire internet range of IPs in less than ten minutes. You also have things like certificate transparency logs, if you've ever registered for an SSL certificate.
+1 for the certificate logs
so, I put together a project for a hackathon, and in the spur of the moment, I realized I pushed my api keys to github
specifically for firebase and google maps
I don't really care if people steal the data, there's nothing there
but am I personally at risk because of that?
is there any security reason for my personal account that I should try to revert that?
You can't revert it. Git history stays forever. Automated bots will grab the tokens and use them to do whatever malicious things they can, depending on what access scope the tokens have.
You should generate new tokens and invalidate the old ones.
Hello
I'm looking for an interesting project about cyber security
something including networking security algorithms etc
can be anything
Please share asap I'm bored
@tired mica Always invalidate API keys if you accidentally post them anywhere, even in an image.
and yes, you'd be on the hook for anything that happened with those keys
@solemn arch You had a question about routers?
On a separate note, https://www.immuniweb.com/ssl/ is neat.
You mean your internet router?
Quite a few questions. So, there's ARP spoofing, changing DNS, and manipulating anything that goes through the router
Decrypting HTTPS I don't believe is an issue if you're not accepting random root certs
I believe... Kazakhstan was doing that?
Ah, yep, that's a thing -> https://www.zdnet.com/article/kazakhstan-government-is-now-intercepting-all-https-traffic/
That mostly boils back down to ARP spoofing/DNS poisoning
Others may know more about this than I do
I don't believe HTTPS traffic can be decrypted either, considering that would make any site using HTTPS at risk
I guess? Don't see what it has to do with your router tbh
if you have a perfectly fine router, and you point your web browser at http://www.plz0wnme.com, you'll get the virus
I guess it's faintly possible, but it's not something that keeps me up at night
Strictly just a compromised router and nothing else? I don't believe so
if the content is unencrypted, then absolutely
Sounds more like a TEMPEST attack, some kind of RAT or otherwise.
Wireshark, probably. Would be easy to find the IP address you went to.
if DNS is malicious, and you're using https, your browser will warn you
if you're not using https, you've just been 0wn3d
if DNS is malicious, and you're using https, your browser will warn you
Moreso if the site has HSTS
If you're using HTTP, you won't get anything to do with HTTPS/TLS
Well,
Do you know what HSTS is?
Alright, so HSTS is a header which forces HTTPS
So if I go to, say, http://example.com
Then if it has HSTS setup, it'll redirect to https://example.com - moreso if it has the preload directive, which means that all websites that are set to preload, will be preloaded with your browser
Which means it'll never go to the http version
So, if you don't have HSTS, you can possibly go to the http version if you don't explicitly specify it.
If you don't have https setup at all, then you don't get the protection involved with it
That site explains a decent amount about it and other security headers
@solemn arch Does that make sense?
You can't set up HSTS/HTTPS on a site you don't control, no. But you can set up something like HTTPS Everywhere which is an add-on that forces HTTPS for sites within the rulesets it has
You can get it for Chrome too, but I'd suggest Firefox personally.
It has an option where you can setup your browser to only connect to sites that have support for HTTPS, and doesn't connect to any HTTPS
The certificate won't match up
But I'm not sure if that's right
@olive lark Can you explain that bit?
Secure DNS (DNSSEC) uses cryptographic digital signatures signed with a trusted public key certificate to determine the authenticity of data. DNSSEC can counter cache poisoning attacks. In 2010 DNSSEC was implemented in the Internet root zone servers, but needs to be deployed on all top level domain servers as well. The DNSSEC readiness of these is shown in the list of Internet top-level domains. As of 2020, all of the original TLDs support DNSSEC, as do country code TLDs of most large countries, but many country code TLDs still do not.
This kind of attack can be mitigated at the transport layer or application layer by performing end-to-end validation once a connection is established. A common example of this is the use of Transport Layer Security and digital signatures. For example, by using HTTPS (the secure version of HTTP), users may check whether the server's digital certificate is valid and belongs to a website's expected owner. Similarly, the secure shell remote login program checks digital certificates at endpoints (if known) before proceeding with the session. For applications that download updates automatically, the application can embed a copy of the signing certificate locally and validate the signature stored in the software update against the embedded certificate.
is Discord causing issues?
@olive lark
if DNS is malicious, and you're using https, your browser will warn you
But the above from Wikipedia details that
https lets a site announce its domain name, and prove it. If you get to that site via some other domain name, the proof doesn't work, and your browser notices
so even if the site is lying, it gets caught
yep, googie.com could have its own certificate if it wanted
but they wouldn't be able to get a certificate for google.com without bribing the people who make certificates. Which unfortunately happens sometimes.
yep
it's not even that hard to test
you can override DNS locally by editing a file called (typically) /etc/hosts. You can put some IP address that you control in there, next to "google.com", and see what your browser does
Yes, unless you get an illegitimate certificate for that site
it would make it obsolete, except not everyone uses https
and then there's the bribing-the-cert-authority problem 😦
it would make it obsolete, except not everyone uses https
Except that's where HSTS comes from!
Look into Diginotar 😉
probably nothing in practice
in theory it's probably some sort of fraud
varies by country
DigiNotar was a Dutch certificate authority owned by VASCO Data Security International, Inc. On September 3, 2011, after it had become clear that a security breach had resulted in the fraudulent issuing of certificates, the Dutch government took over operational management of DigiNotar's systems. That same month, the company was declared bankrupt.
if your OS had some bug that the Bad Guys knew about, they could conceivably exploit it to make your OS do stuff you hadn't intended
I suspect this is pretty hard in practice, but I also assume that the NSA and similar spy agencies have whole buildings full of people who do nothing but this all day long
if the hacker works for the NSA, and it's his job to get to you? You're toast.
short of that you're probably fine
oh well I dunno
I dunno! That's why I said "I dunno"
@olive lark
I also assume that the NSA and similar spy agencies have whole buildings full of people who do nothing but this all day long
No need to assume, it's very much a thing
well now I know
Well, speaking hypotheticals, if you have Windows you also have a 25 character product key attached to your device.
I mean, if I were them, I'd do that 🙂
So considering that you connect to Microsoft to do updates, it wouldn't matter where you were. You'd essentially be advertising your IP by doing updates/connecting to Microsoft. So you could be targeted that way.
I've never seen an example of that, but it's certainly possible.
😄
Speaking of the NSA, there's also this: https://nsa.gov1.info/dni/nsa-ant-catalog/usb/COTTONMOUTH-I.jpg
Which is just neat honestly
It's terrifying to say the least
Well.. You say is there a way to detect if your router has downloaded things without you knowing. What do you mean by that? As in, to the device itself or to other devices on the network?
routers can definitely highjack non-https downloads and serve malicious ones instead - I've seen this in practice
I was just about to say that if it's HTTP, sure.
But HTTPS involves a bit more things, and it's normally done by compromising the server the file(s) is/are on
which is why you should also download the signature file and check it using pgp
a "hijacked router" is basically synonymous with a MITM attack
@thorn obsidian While I have you here, what do you know about Extended Master Secret, or RFC 7627?
not much
Found http://apache-http-server.18135.x6.nabble.com/Support-for-RFC7627-Extended-Master-Secret-on-mod-ssl-td5052291.html, and I can't find much about it at all
tls isn't exactly my speciality
Just surprised I can't find much about it. There's pretty much no reference to it anywhere except in a few places that I keep going back to. Which even then, those aren't that great to begin with.
Is someone willing to walk me through a public Github project re: webscraping/using proxies? I'm interested in understanding how people get passed robots.txt rules, but I'm relatively novice to Python
I'm building my own website that will host quite a large amount of data, and I'd like to take a proactive stance against scraping
@thorn obsidian a USB implant is entirely unnecessary: https://www.sciencedaily.com/releases/2020/02/200227143752.htm
Using ultrasound waves propagating through a solid surface, researchers were able to read text messages and make fraudulent calls on a cellphone sitting on a desk up to 30 feet away.
I'm sure the NSA is leagues ahead of the last Snowden/Shadow Brokers leaks
I'm interested in understanding how people get passed robots.txt rules
@dim prawn robots.txt is very honestly just a suggestion - bots/scrapers can just choose not to obey it. A lot of sites actively block bots/scrapers that they detect are not abiding by robots.txt, but this isn't overly common.
I'd like to take a proactive stance against scraping
Something like fail2ban + Cloudflare would help here, I imagine.
Alright, I want to scrape HLTB and it's not working, haha
Thank you, though, for your response
I'd like to do it ethically, but it'll be my first webscraping project
It does not prohibit webscraping*
I just get 302 redirects when I try. I may be encountering something different altogether, but my first assumption is that it actively prevents high traffic.
My alternative, and it's the winning one, is to make a very SLOW webscraper. Which, I'm currently scoping
that's a normal response code
where are you being redirected?
it might be something silly like http redirecting to https
check the Location header in the response
This is the output:
runfile('C:/Python/HowLongToBeat Scraper Examples/hltb-scraper-master/hltb-game.py', wdir= - a5f04cae
looks like you made an assumption about the data on the page?
Hmm, I think I actually see the issue.
I've been using a code example to try out the process from a Kaggle user... but he used a different format for the pages...
I think I got it! Thanks for interacting, it really helps me think through this black magic fugery 🤣
Instead of
page_url = 'https://howlongtobeat.com/search_results.php?page=%s' % page_id
I think it needs to be
page_url = 'https://howlongtobeat.com/#%s' % page_id
But I'll have to wait, because the 'reactor is not restartable' which I assume is scrapy's way of stopping people from flooding websites
ReactorNotRestartable
If interested: I'm using this to try to learn from:
Damnit. No, that's not it. Any other ideas would be welcomed @lusty flare
I think it needs to be
page_url = 'https://howlongtobeat.com/#%s' % page_id
if that's true, you can't scrape off the page directly
why? anything past the # isn't sent to the server, but is rather used by client-side javascript
you'll need to open the page yourself and monitor the Network tab in dev tools to see what requests the javascript makes
Thank you @thorn obsidian , I'll make that my next task. I'm curious what I'll have to learn to understand it.
As a side note, I didn't know I'd love Python so much starting 4 months ago... it's like creative problem solving over and over, it feels great
So it does, in fact, create a search_results?page= at the end of the address, but I can't access/open it directly...
Alright, I identified the major thing I need to know to scrape this site and found a few tutorials on how to scrape client side rendered data with python.
Thanks for helping me identify that. This discord has been such a fantastic resource
how to scrape client side rendered data with python.
@dim prawn you probably don't need to do that
yep. don't need to render that.
that's just response data, in html form
you can use beautifulsoup4 to parse that
Hmm, that's good news. I can do that with saved HTML files. How do I iterate the same scrape over every page, though? Looking at the Network tab on dev tools, it looks like the same search_results?page=1 is there, no matter the page
it looks like the search query is sent via POST parameters, for example when I searched for "half life":
queryString=half%20life&t=games&sorthead=popular&sortd=Normal Order&plat=&length_type=main&length_min=&length_max=&detail=
and the actual page of the search is passed via GET, ie ?page=2 at the end of the URI
odd choice to mix request params like that
Ok, so something like this:
```python
import requests

# page_id comes from the loop over page numbers
resp = requests.get("http://hltb.com", params=dict(query="", page=page_id))
```
Then iterate over the page numbers?
Blank query is probably weird. I'm aiming to get all 40k entries
Dang, all I get are the page basics, no playtime data x name
@dim prawn That's completely different, though. Those were targeting microphones, right?
Attached to the bottom of the table was a microphone and a piezoelectric transducer (PZT), which is used to convert electricity into ultrasonic waves. On the other side of the table from the phone, ostensibly hidden from the phone's user, is a waveform generator to generate the correct signals.
Yeah, that's just using ultrasonic waves to do things. Completely unrelated to the COTTONMOUTH NSA item.
Also @dim prawn, that website you're trying to scrape uses hCaptcha ( as detailed in https://howlongtobeat.com/privacy ), which I can pretty much guarantee don't allow you to automate it.
Yep.
- Misuse, Abuse, and Misrepresentation
Any access or use of the Services other than pursuant to these Terms of Services and any instructions we provide is strictly prohibited. In particular, you WILL NOT: register for more than one account with us without written authorization;
perform any task with the use of Internet bots, web robots, bots, scripts, or any other form of artificial intelligence or otherwise attempt to obtain rewards from IMI or any Requester or Channel without completing tasks as they are described;
Also, this isn't the right channel as it's not security related.
ah, crap.
Thanks @thorn obsidian I missed that - and yes, my bad.
Cottonmouth tries to exfiltrate information over RF - I'm just saying, if a computer has a microphone, you can do it much less invasively through ultrasonic waves (I'm assuming it's technically possible because of the previously mentioned study, I'm probably right)
I'm not sure what information you could get from a Linux desktop system like Ubuntu through the microphone, but it's probably not much.
there have been proof of concept attacks using ultrasonic sound
done in lab conditions but quite interesting.
there was also a really interesting one where they'd tweak LCD backlights or blinking LEDs to exfiltrate data through a CCTV camera feed
very spy shit stuff
but also super slow.
Hello. I'm looking to rewrite some C# decryption code in Py, but am struggling. To dec: LJ71741Zyl6teSzgH6evOg==, key: dwqqe2231ffe32.
Here's what I have:
```python
import base64
from Crypto.Cipher import AES

t = base64.b64decode("LJ71741Zyl6teSzgH6evOg==")
k = "dwqqe2231ffe32".encode('ascii').ljust(16, b"\0")
# no IV is passed here, so PyCryptodome picks a random one
aes = AES.new(k, AES.MODE_CBC)
r = aes.decrypt(t)
print(r.decode('UTF-8'))
```
A UnicodeDecodeError is thrown.
Anyone who can recommend me a good VM software for macOS?
Preferably one that is secure
And free
@ocean sable VirtualBox is quite good and fairly easy to use. QEMU also works on Mac but I'm not sure how great compatibility is.
qemu (with the correct config) is the way to go if you're looking for security
hmm oki thanks a lot @compact night @thorn obsidian
@thorn obsidian Can you send your code as text as opposed to images? Also, are you just trying to do AES?
Course. Gimme a few mins. Yes, AES.
Not Mac and not for (what I'm assuming @ocean sable is asking for) virtualizing OS's, but for other people interested Shade can sandbox things like your web browser:
That's not something I'd use, nor suggest using. You're better off using VirtualBox or an actual VM system.
```csharp
string cypherVersion = File.ReadAllText(SettingsManager.PATCH_VERSION_PATH).Replace("\n", "").Replace("\r", "");
resolvedVersion = Rijndael.Decrypt(cypherVersion, SettingsManager.PATCH_VERSION_ENCRYPTION_PASSWORD);
PasswordDeriveBytes password = new PasswordDeriveBytes(passPhrase, null);
byte[] keyBytes = password.GetBytes(keysize / 8);
```
@thorn obsidian Have you looked at https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/ ?
Also, read the warning at the top.
This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns. You may instead be interested in Fernet (symmetric encryption).
Me scare now.
Will try tomorrow.
I have a networking question:
Why use a tag when trunking is enabled on VLANs? Can't the switch know where to send it just by looking at the IP and subnet mask?
no.
@mental mirage
so a VLAN allows you to virtually separate a shitload of networks
they could all have the same address space for all that matters
this means you could have one router with 20 vlans that are all the 192.168.0.x space.
what you're talking about is probably possible but really not appropriate.
if you're sending multiple network spaces through a trunk, they HAVE to be tagged on transit
they then have to be untagged on the edge switch
and in reality what you're suggesting could be exploited by just changing your (a client in the network) IP address range
you'd be able to access other networks on a whim
because vlans are handled internally on the network equipment, a user can't override them.
@thorn obsidian Solved.
```python
import base64
from Crypto.Cipher import AES

with open('version') as f:
    b64_text = f.readline().strip()
text = base64.b64decode(b64_text)
key = (
    b'\xc4\xd1\x0b\xea\x01\x85\xca>\xc1S\\xd5\x7fi\x1d\xf7t\x8f\xabhs\xf2\x13<\x11\xf5\x27\xfdY\x11W\x81'
)
iv = b'tq4edeji340tcvx2'
aes = AES.new(key, AES.MODE_CBC, iv)
ver = aes.decrypt(text).decode('UTF-8')
```
Newline wouldn't work for the key.
Now you need to change your key 😄
please do not reuse the same IV for every message when operating in CBC mode
@thorn obsidian
oh, wait, you're decrypting something that's already made
my bad
hello, I have a question, is it possible to get the list of processes that read/write a specific process's (game) memory? (I need this for an anti-cheat system)
is this possible?
guys how can I encrypt my Python code by ip address or mac address ?
Could you elaborate on what you mean by that/
forget by IP address, I don't want the user to see the code in my Python app, so if I make it encrypted as an app I can import socket, then use an if statement to scan who is using the app and send a webhook about the user to Discord
I just need to know how I can make the code encrypted and unknown when the user tries to edit it, so could I?
you'd have to use something other than python otherwise it's trivial to just modify the code to decrypt it
assuming you mean python code when you say codes
rather than API keys or the likes
so do you mean to connect the code (Python file) with decryption? When the user opens the file it works?
Hiding your python code like this won't work since your decryption code would be fully visible.
do you have any idea how to do this ? I checked in many sources but I didn't get my answer 😦
With python, you don't.
if not with Python, with what?
a compiled language would be a better bet, but most people aren't going to run random executables on their system
I'm converting the code to an exe file (when I try to edit it there is alien language that nobody understands) but it gets blocked because the code calls the function that I made, any ideas?
https://passwordsgenerator.net/ is a website that generates random passwords with the option to "generate on your device"
how can I check if they aint lying? wireshark or similar or is there an easier way?
perhaps somebody did the test himself? (please @ me)
Strong Password Generator to create secure passwords that are impossible to crack on your device without sending them across the Internet, and learn over 30 tricks to keep your passwords, accounts and documents safe.
@potent bay a super easy way is to load the site and then disconnect your internet connection
this is not 100% provable as it could be sending passwords to your client as part of the page load
@potent bay If you want me to be entirely honest, some people make programs which make like 30 letter passwords using entirely random digits etc. Try to find one or try to make one yourself, friend.
true. I just want a fast way to create a password and clicking on a bookmark, generate, copy paste is pretty fast.
I have never done much with command line so far.
Using windows, I am thinking of creating a short little script that I can execute by just searching for password, pressing on it once and autocopying it to clipboard. what should I search for?
clip works with | clip afaik
also, remember there's no such thing as an "impossible to crack" password.
it's just what compute power can be applied and when
of course. but if I have a 20 character long password I don't see anyone bruteforcing it
tbh i generate a lot of random passwords by just sha'ing the current time/date
20 characters isn't that long
@thorn obsidian how's your crack machine handle something that length?
if you want a strong and memorable password, my advice is to make it really long and make it a sentence
(10 letters + 26 chars, upper and lower = 62)^20
'thissentenceismypasswordanditrustmysecuritytoitentirely' is a pretty good password
can remember it, lots of entropy
throw in a few other things that'd be hard to guess and bam
ok, for a master password i guess a sentence makes sense, yeah
my boss uses them for everything
I have some fragments in my head of previous school and WLAN passwords to throw in
i'd highly recommend reading the NIST guidelines on password security
they're the current best practice
they heavily encourage sites to stop using stuff like "must have special characters, 12 capital letters, the name of 4 dogs and the length of your left leg"
it causes people to create unmemorable and less secure passwords just to meet checks.
well, I wont remember 20 master passwords
'thissentenceismypasswordanditrustmysecuritytoitentirely' is a pretty good password
@lusty flare damn it, now I have to change my master password
correct horse battery staple
shuf /usr/share/dict/words | head -4
good thing is - sites like gitlab remember your device
and everything is in a VM anyway
so I guess it is more likely sb will hack me
bisk@lusty flaretop:~$ date | sha256sum
710b16bab58752f16cba7c3ae0684163cb205c34fe313ab9d406b6632382bc62 -
nice one discord, i really wanted to tag myself
just need to think of a good master password for the vm then
Thing is about bruteforcing though is that most people use common password lists found online, which normally use leaked passwords from most common to least
yup yup
When I was first learning about bruteforcing I had my own password list and fun fact: They never go over 7 letters.
humans are creatures of stupid and lazy
indeed
i've seen cases in work
@potent bay Have you ever heard of the eight letter rule?
I'd dispute that, but I'm too stupid to make a good argument; and too lazy to try
@thorn obsidian no
where someone has been required to change their password every 6 months
so they end up just putting 1 on the end
of the old password
:|
The Eight Letter rule is where nearly any password over 8 letters that has a Capital, Non Capital and a number is uncrackable
for instance
the eight letter rule really doesn't fly anymore tbh
Xxxxxxx1
The password "Brekie2" would be easy to crack, but something like "Brekanna192" is harder to hack
thing is
I doubt a big website will allow brute forcing anyway
If you want to test bruteforcing there are a few websites made to allow it to my knowledge
the biggest threat is if a password hash database gets leaked
then it can be cracked offline at MAXIMUM WARP
yep
xx's got a nice hash cracking rig and it'd eat up an 8char pass in no time
xx?
Ah.
I'm kind of newbie to python, I know basics and how to work my way around syntax but not exactly on the "Make your own bruteforcer" advanced
I'm doing my cambridge I.Ts this year for my GCSE Marks, Since I've only had less than a year to practice I'm constantly on it, so if you got any tips helperoni pleaseroni.
yeah, bruteforce is very much not something you're likely to see much of. any good website administrator is going to rate limit attempts.
the real threat is if a site you have an account on gets breached and their hashes get leaked
that's how most big password lists come about
When I get my first job I want to try to get into ethical hacking, I want to either become a whitehat or a greyhat but... as a white hat?
if that makes sense
greyhat is a risky game to play.
Yes, I most likely won't be doing that
there's the very real chance someone doesn't like what you did and tries to fuck you over.
bug bounties
Thing is with greyhatting though; It isn't necessarily malicious or on other people.
It could just be me using exploits to change around my computer for fun
y'know?
i had a friend who broke into an aerospace corporation's email server due to a flaw, managed to get access to huge amounts of documents
he set up anon accounts etc to inform them of it
and the response was.... not good.
What was their response?
they had US/UK military contracts so they were less than thrilled at someone reporting it
he was on edge for a while, in case he fucked up his opsec
lots of big threats and, legally speaking, heavy repercussions if they had found him.
Did they find him?
no. didn't stop him shitting himself for ages though.