or just modify the code

to print the values

also

you shouldnt be handling stuff that the user isn't supposed to access on the client side

that should be done server side

how can i have csrf protection for my site i made in flask?

The form is submitted through post request

🥺 😢 😭

Don't post lmgtfy links on this server. If you don't have anything to reply, don't reply anything.

how about telling people to ask properly

but sure will stop posting the right anwsers with a little fun included

Wait so if I dont want to reply to someone's question I dont have to answer them hmm interesting.......... 🤔

It can be enabled with the help of the Flask-WTF extension

oh thanks, i think this is what i need

No problem :)

Can anyone guide me on the way to create a secure E2EE socket communication thing?

I wanna use the best SSL library

From what I gather sha-1 requires a key but if I look up online sha 1 hash gen, it’s converts my plaintext to hash without a key?

Is it using a default key or what?

Maybe you are using HMAC with SHA-1 because SHA-1 is not keyed algorithm

sha1(message) -> digest

No cryptographic hash function I know that is not explicitly used for a HMAC has a key

interesting

Agreed

Is it true that there’s 16^32 md5 hashes? Since there’s 16 options for each character and 32 characters?

2 ^ 128 if i am not wrong

cause the digest size is 128 bit

that's the same number :)

yup

is there any good videos for learning python within a cyber security spectrum like automation scripting
Ik the fundmentals
and youtubers or udemy courses you guys suggest would be nice

so im kinda new to py and i want to make something like an encryption key type thing where i can set 'a' to = 1 or something so when i type 'apples are great' it will be '1pples 1re gre1t'

ah

okay

read the docs xD

!d str.translate

note that this scheme is completly unsecure

and barely even qualifies as "encryption"

does anyone know why kali linux in virtualbox is not working?

It's not Kali related channel

it is because

you have hypervisor

enabled

you can try turn it off

you can turn it off

in windows

features

uncheck it

and press ok

and then after it is finished you can try

virtual box

it can even be enabled in your bios

i think

when i tried

getting it

i had the problem

when i accidentally

click the wrong thing

Hi, I am looking for a way to fetch Windows AD user rights like CreateChild, GenericAll, etc. Any library available in python for doing that

Hi, I have a very basic doubt, I am trying to host an application on the Uni servers but it shouldn't be limited to intranet. The application downloads daily data from an external third party host. Earlier I was trying to whitelist their IPs and allowed their requests but now they added loadbalancers and switched to dynamic IP so can't maintain the whitelist. What would be the best way to open a secure connection for this ?? PS : I don't know much about certificates so resources will be very helpful. TIA

why do you have to whitelist

is this a case of asking your network administrators to allow the IP

yes we have admins managing the requests that can bypass the intranet

so they mentioned to create a whitelist of IPs, but now it seems difficult

hmm yeah

maybe set up an external server with a fixed ip

outside the itnranet

whitelist its ip, then when it receives a request it forwards it to the third party host

sorry for the cofusion but the third party now has the dynamic IPs so can't whitelist them

yeah, what i said is set up your own server

whitelist its ip

then the external server makes the request to the third party

oh so something like vpn

well not really

but that server that i set up is not secured

if you whitelist a vpn then anyone can access anything

i would suggest a VPS

okay so please mention if I am wrong somewhere, we set up extenal to intranet server, make request to third party get data and have an app to upload data to intranet since this IP will be static

so allowing all the ports on this external server

I don't want anyone else to access that data, guess in this approach anyone can interfere the external server

And one quick question as well if someone know the whitelist then can they do ddos attack using ip spoofing ?

well the external server would only allow requests to be forwarded to a specific service

and you'd give it whatever api token you want it to use

cant find it

im looking for best way to run arbritrary python code submitted by a user securely, i feel the best way would be to use docker, however im having a hard time figuring out how to start new docker containers when a script is submitted, any resources that might be useful? thanks in advanced

not sure but can colab notebooks help here ?

if this is a one time job

no, however i have found what i am looking for thank you
(in case anyone references this for some reason : https://github.com/python-discord/snekbox)

Hey, that’s our project :D

I have never used python security

but ill try

Which system software can we use for Django? For Security like login etc..

How secure is Django -> Stackoverflow (That can help you)

ye

🙂

Hey so I made a port scanner and I'd like to run it, but I don't believe I know enough about infosec to run this. What are some things I should do before running it??

dont run it on anything unless you have permission

first test on yourself

@fading basalt I was just about to talk about a port scanner

My port scanner has a flaw in it though and Im confused

from socket import *
import sys, time
from datetime import datetime


host = ''
max_port = 5000
min_port = 1

def scan_host(host,port, r_code = 1):
    try:
        s = socket(AF_INET, SOCK_STREAM)
        
        code = s.connect_ex((host, port))
        
        if code == 0:
            r_code = code
        s.close()
    except Exception, e:
        pass
    
    return r_code

try:
    host = raw_input("[*] Enter Target Host Adress: ")
except KeyboardInterrupt:
    print("\n\n[*] User Requested An Intterupt.')
    print("[*] Application Shutting Down.")
    sys.exit(1)
    
hostip = gethostbyname(host)
print("\n[*] Host: %s IP: %s" % (host, hostip))
print("[*] Scanning Started At %s...\n" % (time.strftime("%H:%M:%S")))
start_time = datetime.now()

for port in range(min_port, max_port):
    try:
        response = scan_host(host, port)
        
        if response == 0:
            print("[*] Port %d: Open" % (port))
    except Exception, e:
        pass
    
stop time = datetime.now()
total_time_duration = stop_time - start_time
print("\n[*] Scanning Finished At %s ..." % (time.strftime("%H:%M:%S")))
print("[*] Scanning Duration: %s ..." % (total_time_duration))
print("[*] Everything is good here! ...")

Here is th error:

  File "C:\Users\pchaf\Downloads\New folder\Security\portscanner.py", line 19
    except Exception, e:
                    ^
SyntaxError: invalid syntax```

Check for inconsistent quotation marks

User requested an interrupt'

The problem is there

is bcrypt good?

or should I be using any other hashing algo

except Exception as e

that's py2 except syntax

py3 syntax is what penoqo posted

I hear that argon2 is a better choice for hashing these days

It depends on your needs

was just making a simple login system and wanted to store hashed passwords

Argon2 should be enough like @fading plaza said

In Argon2 specs you have recommended parameters for authentication system

You can use them

argon2 okay

thx for the suggestion appreciate it

Your welcome!

is it pip install argon2-cffi or pip install argon2?

nvm figured it out

So I'm still pretty darn green to programming, so take this with a grain of salt, but I don't see the purpose of doing a try, except statement. What do you want your exception to do? I don't know about the e there.

haha I'm not even sure I can/am allowed to do that

@thorn obsidian i just took a closer look at your code

you're trying to run python2 code

using python3

dont use py2

or rather

Already fixed it

Someone helped me already.

Me and a friend made it a while back

windows stops you accessing some files due to security reasons but if you boot lets say linux from a USB drive, surely its a security risk since you can do whatever?

Well yeah you can always just take the hard drive out and look at the files

Windows does support bitlocker which encrypts your hard drive

so if (and this is just theory) i code/find a distro that i put on a usb that dumps the windows SAM and SYSTEM files from windows then i could extract passwords

Yes, it's easy to even remove user's password if disk is not encrypted

just from a USB drive? wow there goes my sense of security

Any

You can run different OS from USB/CD, you can attach hard drive to different machine

As far as disk is not encrypted you can read and manipulate data

damn, theres a cyber security project i wouldnt mind starting:
a USB that extracts windows hashes
i mean... urr... totally not doing that... educational purposes and whatnot

Well they will be hashes of the password

And at that point you're probably better off just copying all the files off then

I mean I’ve used hashcat to crack my friend NTLM passwords (that they gave me for my project) but surely passwords even in the form of hashes would be more beneficial since many people use the same password everywhere

Also if you have a USB, storing all their files might not be an option due to size restrictions and sending them over the victims connection might alert the victim

sounds sensible to me

can anyone explain to me how PwdumpX works

in detail?

I made a sample ddoser to use on my router and its not really working

import socket

target = input("Enter your router ip: ")

for i in range(1,100):
    s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    s.connect((target,80))
    data = b"GET / HTTP 1.1\r\n"*1000
    s.send(data)
    s.close()

But when I put the ip in

s.connect((target,80)) socket.gaierror: [Errno 11001] getaddrinfo failed

what did you put as the ip

my ip adress

local or remote

like is it 192.168.1.x or something else

yeah my IPv4

wait nevermind

I used the wrong one before XD

I thought I used my ipv4

ah right does it work now

and just a heads up i'm only helping because this is a very impractical way of DOSing

and you've said it's only for using on your router

it's against the rules to ask for help with things that break the law

so

experimenting is good but

ya know

be careful

also in some countries developing hacking tools is illegal

Yeah this is a bad script for ddosing anything other then my own router

And I dont intend to use it for anything other then that. Thank you for your help

what doi do if someone token logged my discord

I think changing your password resets your account token if that was your question

dont see how this is related to python but ok

So im making a ddos for my own website/router (not for unethical use) and I thought it would be nice to implement it into a GUI. This is not working when I use it ```py
import PySimpleGUI as sg
import socket

sg.theme('DarkAmber') # Add a touch of color

All the stuff inside your window.

layout = [ [sg.Text('A DDOS tool to use on your own website and or router.')],
[sg.Text('Enter IP'), sg.InputText()],
[sg.Button('Attack'), sg.Button('Cancel')] ]

Create the Window

window = sg.Window('DDOS For Personal Use.', layout)

Event Loop to process "events" and get the "values" of the inputs

while True:
event, values = window.read()
if event == sg.WIN_CLOSED or event == 'Cancel': # if user closes window or clicks cancel
break

window.close()

for i in range(1,100):
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect((values[0],80))
data = b"GET / HTTP 1.1\r\n"*100000
s.send(data)
s.close()

When I click the attack button it doesnt seem to do anything. If I X out of it after It gives me this traceback:Traceback (most recent call last):
File "C:\Users\pchaf\Downloads\Python Scripts\Cyber Security\DDOS_GUI.py", line 22, in <module>
s.connect((values[0],80))
TypeError: 'NoneType' object is not subscriptable```

Can anyone help me fix the error?

Hello, my friend got infected with IGDM Ransomware, all he files are encrypted.. can anyone help ??

Just some suggestions

Hey guys, If i set a passphrase with rsa_keygen, how secure is it if i loose my privatekey?

In theory they shouldn't be able to do anything without the passphrase, right?

Hi, Is there a library to convert nTSecurityDescriptor object from ldap to a more human readable format?

no.

is the short answer.

passworded keys are the right thing to just in the event they're lost, yes

sometimes common ransomwares do have freely available decrypt software made available by security researchers

but don't just download and install stuff, you could end up making it worse

"oh no i have malware i better google how to get malware removed oh i guess i'll just download this program off this shady looking page."

Isn't that the first step in the pydis incident response plan 🤔

oh i thought it was this

https://tenor.com/view/spongebob-squarepants-fire-panic-blow-gif-4531289

¬_¬

I need some help with RSA encryption, anyone who can?

what do you want help with?

I can't understand how to calculate "d" the last component for the private key

everything else makes sense, but the damn "d" lmao

right, do you understand the use of d, at least?

Yeah

I understand everything, just can't caculate it, everytime I try I get a failed result

I would like to narrow it down to d = "equation" but it doesn't seem to be that simple

okay, so, when you have c^d mod n, what you actually compute is c^{d mod \phi(n)} mod n

where \phi(n) is Euler's totient function (the number of numbers less than n that are coprime with n)

Why mod phi(n) all of a sudden

shouldn't m = c^d mod n

Not with a phi(n)

It is

But the problem is finding d such that for any m, m^{ed} mod n = m

oh

How do i find that d then?

which means that you need to find d such that m^{ed mod \phi(n)} mod n = m

thus, d is the modular inverse of e mod \phi(n)

Can you join me in off topic vc?

Wait i can't speak apparently

I don't really like voice chats :/

also, I'm probably not allowed to speak as well, so...

Yeah I found out

Can you do an example, with like p=5 q=7 maybe, cause I'm still having a hard time understanding exactly how I find "d", once I understand I'm golden, but till then it ain't that fun lmao

ok, now I am, but back to the point.
Once you know that for every coprime integers m and n, \phi(m * n) = \phi(m) * \phi(n), and that for every prime p, \phi(p) = p - 1, I think you can understand what you need to do to find d

coprime meaning they don't share a factor other than 1

m is the message you want encrypted right?

In the last message, m and n are any integers greater than or equal to 1

I think I understand, I'll try working on that

RSA encryption is easy, but "d" sucks till you get it

then it's fun

RSA relies on quite elementary, but non-trivial number theory

how to setup tails with whonix

what's is the purpose of tails on whonix

uhhhh

i mean don't both whonix and tails have their own branded browsers?

i mean they both utilise tor so i can't see there being a vast difference

https://www.whonix.org/wiki/Comparison_with_Others#General

interesting round up with references

although whonix may be tooting their own horn a little

hi, I would like to start with security in python but I am not sure what to learn or where. Any recommendation?

security as in cyber security?

yes

What do you want to do? Attack? Defense?

Well security is a big topic. There is Red teaming and blue teaming/Attack and Defense. Attack in the sense that you are trying to break into systems to test its security i.e Penetration Testing and Defense in the sense that you are trying to defend an information system in order to prevent attackers from getting into it.

@tacit turret There is a lot you can do in cyber security.(I have been doing it for about a year now) There is Reverse engineering, Cryptography, mobile security, wireless hacking, Social engineering, Forensics, hardware-hacking and much more. It depends on what your passionate with.

@tacit turret People usually start off with overthewire challenges.
https://overthewire.org/wargames/ if you know your way around linux you may try pico ctf.

oof

why i cant install stmplib in python using pip

pls dm anyone know it

Quick Security question
When doing a application. And you need to sign in
Obviously the "keep me signed in button" works with cookies on websites.
With an App instead of using a cookie could you use a "random" (using os.urandom or secrets.random of course) to generate a code. That you send the client. And they can just send that to the server each time they connect instead of needing to login every single time? (unless stated of course)

@leaden crater

clarify "With an App instead of using a cookie could you use a "random" (using os.urandom or secrets.random of course) to generate a code"

So with a cookie. It obviously has a token inside it? That your browser sends to the server

Could you do something similar with an app sending the token to a server? Just not a cookie. 🤔

with an app

you want an app to communicate with the server

a python program?

so not a browser?

you've basically invented the login token

which is pretty clever but since it's already a thing unfortunately you get to read a load of best practices rather than share your invention with the world

Python yes

Ahh fair enough.
Speaking of best practises got any links?

@leaden crater sorry i was away

browsers use Cookies as an alternative to variables

its just how they store information about sessions

browsers are "limited" in a way

so if you want to use a python application instead of a browser then you can definitely do so without cookies

since python has more freedom

but cookies are also sent when a page is visited

to the webserver

thats correct

you type insanely quickly btw

@leaden crater you can just store the the data about session in regular python variables and then pass them via GET parameters

I would make a bet you already saw a similar pattern to "https://www.site.com?sessionid=52153" in the past

while browsing the web

Yeah

The "app" as such connects to a socket server its a chat app but (communicates over SSL dw) 🤔 But I am glad this is easy to do

Cookies are also easy to use

are you just afraid of them?

@leaden crater

i might have misunderstood you

No I just can't use them

does the server belong to you?

the one you are connecting to

Oh yeah yeah

I have total control over the script for the sockets and the machine

well then you should be good to go if you control the both ends

you can make the server retrieve the session data either from cookies or GET parameters

Ahhh good good

and then send those from a client

i thought for a second you didn't have access to the server, in which case you would have to follow the rules set by that server

and either place the data in Cookie part

or GET parameters

as server instructs

how so

Because its a socket server not web server 🤣

Sorry for being a little crpytic I wasn't quite sure what information you needed

thats what i needed

thought it was a web server

even wrote examples with requests

import requests

cookies = {
  "sessionid": 123
   }
r = requests.get("https://www.google.com", cookies=cookies)

import requests
r = requests.get("https://www.google.com?sessionid=123")

Now I feel like a dick 🤣 Sorryyyyyyyyyyy

could pass that value of sessionid either way

@leaden crater if its not a web server

why even ask a question about cookie

just curious

cookie is solely a web thing

It was an example.
The "cookie" inside it has a login token?
That login token I was wondering if it is a randomally generated and then if that would be something I could use in my app
So the app sends the token instead of asking the user to login every single time...

I was special I structured my question poorly.

@leaden crater cookies can contain absolutely any data not just login token, and they are created by the web server and sent to the clients

and when clients receive them, they are stored on their machines, and then sent out with every request to the server

👍 Thank you for clearing it up for me @thorn obsidian

np

@leaden crater just as a last note, i would suggest sending data from a client to a server in a json format

Oooh. Thank you

import PySimpleGUI as sg
import socket
#For PERSONAL ROUTER AND WEBSITE USE ONLY.
sg.theme('DarkAmber')   # Add a touch of color
# All the stuff inside your window.
layout = [  [sg.Text('Simple Python DDOS Attack tool for your own website/router.')],
            [sg.Text('Enter IP'), sg.InputText()],
            [sg.Button('Attack'), sg.Button('Cancel')] ]

# Create the Window
window = sg.Window('DDOS Python.', layout)
# Event Loop to process "events" and get the "values" of the inputs
while True:
    event, values = window.read()
    if event == sg.WIN_CLOSED or event == 'Cancel': # if user closes window or clicks cancel
        break

window.close()

for i in range(1,100):
    s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    s.connect((values[0],80))
    data = b"GET / HTTP 1.1\r\n"*1000
    s.send(data)
    s.close()
    ``` Ill send the error message

  File "C:\Users\pchaf\Downloads\Python Scripts\Cyber Security\DDOS_GUI.py", line 22, in <module>
    s.connect((values[0],80))
TypeError: 'NoneType' object is not subscriptable
> ```

How is it related with security? I think that #user-interfaces is better channel

!rule 5

@thorn obsidian

also thats not even a ddos

It is not illegal since I was given permission, by myself...

I know it's more of a DoS then ddos

well, we can't confirm that

plus "be considered malicious"

does python verison 3.9 come pip pre installed

I am having issues running it

try py -3.9 -m pip install --upgrade pip

hello, im member of a group where we try to help people finding their cybersecurity path for free. If you are interested tell me to post more information. Thanks!

Guys, can u help me

Im tryin to make a port scanner

As u guys can see, its giving me error

NameError: target not defined

Hey, we won’t help you with a port scanner is this is usually used for malicious intends, sorry

Ah ok then

Ill delete message @void aspen

Thank you 👍

Np

I recently used a piece of code that detected if a port is in use so it would open the socket on another port @void aspen. I needed that in case I open my program multiple times it still needs to work, didn't know you can use this in a malicious way

socket.connect_ex()

Yeah, it is usually used to see the opened ports on a target machines, for finding backdoors

@void aspen u saw my code?

Yes

Off topic, sorry

@thorn obsidian you can claim any channel as mentioned there #❓｜how-to-get-help

Can u guys help me, im making proxy chain

If is that legal on server

oh sorry

If is that legal

Can someone help me

I have proxys, and i need just to make chain

why

yeah it's legal why?

My program takes in an email and password and then stores them in a database. The password is hashed in argon2 and the email is stored in plaintext, is that okay?

email@email.com $argon2i$v=19$m=102400,t=2,p=8$PeEEYPsgpSfTKngWQROfXw$tvdrXxUbqvKcY2v9+i8qkgthis is how it looks like

but imagine having more rows

that looks ok to me - i havent checked whether the argon2 parameters are suitable though

Anyone here that wants to try and crack my encryption?

is it competently implemented

wait so I need more information

that looks ok to me - i havent checked whether the argon2 parameters are suitable though
do I not include them?

@halcyon path can you post it?

also keep in mind that "rolling your own crypto" should only be done for educational purposes and never be used in production

I've got a theory that might not be plausible but I'll still ask if it is possible. It's in password cracking. Let's say I know the length of a password ie 12 digits long and only contains mixed alphanumeric characters and the algorithm used to encrypt the password, is it possible for one to find some sort of relation between the algorithm used and the password and use some sort of binary search algorithm attack where one can know on what end of the list(of a sorted list of all possible password combinations) of passwords is the password😅 cause if you consider the time complexity of Binary Search is O(logn) ? Thus if this can be done the password could be cracked in log(12^62)...... I might just be cooking up my own things, what do you think?

nope

any good hashing/encryption alg has no correlation whatsoever between plaintext and hash/ciphertext

so binary search won't work

https://en.m.wikipedia.org/wiki/Avalanche_effect

I think that its just base64 enc

No it's not lmao

I made it myself without modules

Ez decode

🤣

can someone help me i always get incorrect padding this is the code ```python
def aes_ecb_dec(key, enc_msg):
cipher = AES.new(key, AES.MODE_ECB)
ct = cipher.decrypt(enc_msg)
return unpad(ct, AES.block_size, style='pkcs7')

What library are you using?

pycryptodome

from Crypto.Cipher import AES
from binascii import hexlify, unhexlify
import base64
from pwn import xor
from Crypto.Util.number import long_to_bytes
from Crypto.Util.Padding import pad, unpad
from Crypto.Random import get_random_bytes
``` all the imports

enc func works though

Can you show me your aes_ecb_enc?

def aes_ecb_enc(key, msg):
    msg = pad(msg, AES.block_size, style='pkcs7')
    cipher = AES.new(key, AES.MODE_ECB)
    ct = cipher.encrypt(msg)
    return hexlify(ct)

You need to use unhexlify before decrypt

the format is fine, i just havent checked whether it's difficult enough to compute (memory size, iterations etc)
for example, shouldnt you be using argon2id instead of argon2i

@lapis radish binascii.Error: Non-hexadecimal digit found

Show me please code when you are calling aes_ecb_enc and aes_ecb_dec

def aes_cbc_enc(iv, key, msg):
    enc_msg = b""
    
    for i in range(0, len(msg), 16):
        if i == 0:
            xor_text = xor(msg[i:i+16], iv)
            enc_msg += unhexlify(aes_ecb_enc(xor_text, key))
        else:
            xor_text = xor(enc_msg[i-16:i], msg[i:i+16])
            enc_msg += unhexlify(aes_ecb_enc(xor_text, key))
        
    return enc_msg

I used argon2-cffi module to hash them, i dont know what argon2id is

But it is still secure right??

im not a cryptographer, so im not the person to ask. but according to my limited knowledge, the id variant is preferred for better security. maybe read the wikipedia page

also, read the docs for the specific module you are using

in this case, it's point #1

ah okay

pycryptodome

help pls lol

def hasNumbers(inputString):
return any(char.isdigit() for char in inputString)

username = input("Create your username: ")

if len(username) < 5:
print("Your name must be more than 4 characters. Please try again.")
if len(username) > 15:
print("Your name must be less than 15 characters. Please try again.")

password = input("Create your password: ")

if len(password) < 7:
print("Your password must exceed 6 letters. Try again.")
if len(password) > 30:
print("Your password must be less than 30 letters. Try again.")
if not hasNumbers(password):
print("You must include a number in your password.")

trying to figure out how to resend
password = input("Create your password")

if i do not fit any of the criteria
if len(password) < 7:
print("Your password must exceed 6 letters. Try again.")
if len(password) > 30:
print("Your password must be less than 30 letters. Try again.")
if not hasNumbers(password):
print("You must include a number in your password.")

put it in a while loop

while username_insufficient:

or something

then change to

username = input("Create your username: ")

if len(username) < 5:
    print("Your name must be more than 4 characters. Please try again.")
elif len(username) > 15:
    print("Your name must be less than 15 characters. Please try again.")
else:
    username_insufficient = False

Bruhhhhh

Hope this helps

while True:
    username = input("Enter your username: ")
    if 5 >= len(username) or len(username) >= 15:
        print("Username must be between 5 and 15 characters. Your username was {} characters. "
              "Please try again".format(len(username)))
    else:
        print("Username \"{}\" has been accepted".format(username))
        break

??

Can someone help with this

It is showing error while downloading kali linux

where are you downloading from

and what are you running

From the kalilinux site

uhhh

link?

because i've never had to run any "*aszip.exe"

no like

which one are you downloading

64 bit

Installer

Anyone??

Hey anyone up

im pretty sure thats not the installer; the real installer would be an iso image

@vital lintel

Hey guys quick question.
I am creating a game called "Astroids" it's a basic simple game.
The reason I am creating it is so I can use it as evidence to get in univirstity to stud computer science and Graphics design.

The question is this?
Can I combine python with other codes such as C++ or C#.
My game I created is written in C++ I think, cannot rember now lol.
But the task I needed it to do I can't do with c++ but I can do in python.

So is their away that python can be used along side c++

I tried using LUA and java however they are still unable of the task lol. Simple because I think it's the software I use.

Please ping me when u respond.

Thanks Guys 😁😁

If not going I would have to re write my whole game in LUA and Java as these can be combined lmao.

Im pretty sure u can combine them @viral jetty

check this reference link out .. hope it helps, https://stackoverflow.com/questions/1153577/integrate-python-and-c#:~:text=Yes%2C it is possible%2C encouraged,it to be very easy.&text=Python%2FC API Reference Manual,extension modules or embed Python.&text=describes how to write modules,Python interpreter with new modules.

Yes but when i open the iso folder this pops up

iso folder?

Thank you soo much.
Have a nice Christmas guys.

im pretty sure its a single file usually

@vital lintel

Yes the iso file sorry

can u send the download link you used?

https://www.kali.org/downloads/

ok...

so the link is good

Yes but why is that error coming

ok so

if you look up aszip.exe

it says its a self extracting zip program

@vital lintel

btw

which specifc one did u use?

@cursive furnace come in dm

64 bit installer?

I recently got into doing CTFs. I have a background in Python web applications. The one I did was really simple and fun. Other people -- all pretty new -- were trying to figure out the basics of Django. and I was just like, "They published this site in debug mode lol"

It was obviously targeted at newbs but it was fun

Hey guys wssup

Quick question.
I was reverse engineering a site to get access to data endpoints but I came across firebase credentials with the db paths hardcoded on the client side js. A lot of people told me that this is not really a vulnerability since firebase connects on the client side with exposed credentials and stuff and I was not going to get external access to the db anyways, but the problem is that I did get access to their db and even came across further keys stored in firebase. So my question is that should I report this vulnerability to the company or not?

yeah

they should pay you to

thats a huuuuuuuge vulnerability

huge

if its a website you need to login to that is still a big vuln

they should pay you

they also might sue you

so uh

be careful

im not gonna offer legal advice but yeah i'd definitely make yourself very aware of how they might react before reporting things

so no reporting then? LMAO

Guys, im doin requests rn with proxies, and it sayin, Errno 110 connection refused, is that bcs of proxy or?

can you please give more info on that

He wants to make a get or whatever request to the host but with different-2 ip address

Its just bcs proxy got blocked

Nothing spec

I have a question regarding rsa encryption

I found this to calculate d, works perfectly, but i don't know why it works, like how, what is it

@astral briar e is just an inversion of d in some finite field so all what you need to break RSA is to find φ(n) where φ is an Euler function

As far as you know n = p * q where p and q are primes so φ(n) = (p - 1) * (q - 1)

I understand that and all, I just need the d = (φ(n)*i+1)/e explained. @lapis radish

It comes from congruence. a = b mod n means that a - b is divisible by n so ed = 1 mod φ(n) means that ed - 1 is divisible by φ(n)

If a - b is divisible by n so there is integer i that a - b = i * n

You can change this equation a = i * n + b where a = ed, n = φ(n) and b = 1 so you got ed = i * φ(n) + 1 and later d = (i * φ(n) + 1) / e)

You can read about congruences here: https://en.wikipedia.org/wiki/Congruence_relation

Hope everything is clear now

I understand the practice of storing a hash instead of the actual password for a login system however if the attacker gets hold of my database (which is stored an disk along with the login application) then while they can’t know the password, what’s stopping them simply replace my password hash with their own so they can enter their own password and login?

Someone might have a more expert comment than mine, but... generally, if someone gets the ability the modify entries in your database, they can do a lot of things.

Exactly, so nothings stopping them replacing the password and therefore being able to login to an existing account?

yeah, if they have permissions on some user to do that, yeah.

Is there any way to combat that such as storing check characters IN the hash that the attacker might not notice and confuse him?

Any other ways?

I think the most robust place to start is not getting the system the database is hosted on hacked. But at this point in the convo, someone with more practical and less theoretical knowledge should comment instead of me

Ah right, I’m making a password/account manager with works offline so storing vulnerable passwords elsewhere is out the question
Gotta rely on windows security I guess

i mean yeah if they're in your database then like

they can delete all your user accounts

so what happens at that point is basically anything

Yeah, that is the last thing you want to happen, so you can asusme if they can do that, all is lost lol

Typically people have configured firewalls, the user accounts on the system the database is on, the role for users on the database config all to avoid this

That's why current authentication scheme is wrong... I don't know why there are no systems based on hybrid cryptography with signing users' actions with their keys

what do you mean @lapis radish

the users actions?

You can assign public key to user account and sign with this key every action (like comment, post, settings update and so on)

Even when some hack your database the attacker cannot sign anything because only user has his private key

ohhh right

It's just a concept in my head but I think that every system should follow this path

Im designing a system and im just stuck on the storing of account details lol

winforms ^^

For example someone can hack Twitter database and post something as a president but how others can verify that is this fake or not? 🙂

lol yeah i see what you mean

If you are creating password manager you cannot use hash function to store passwords

only for the login system, then the rest use encryption

Oh okay

i might skip all this hassle and just use encryption for the login bit, then i can implement the same system for everything

it means the attacker could still log in but it would take a bit more work (generating password encryption and all that)

How about protection of data after decryption?

Do you want to store plaintext in the memory?

yeah id have to clear it from memory and all that right?

yeah exactly

so hashes are indeed the best option for the login

I think you should but I don't an expert of this

Yep, key derivation function is the best scheme to generate secure keys nowadays

As far as I know

ughhh 😆 this isnt even a serious or graded project, i'm just doing it in my free time

Don't be afraid of KDF 😂 it's like normal hash function but with some extra parameters

cant i just use SHA 256?, whats KDF (im a bit new to this)

or whatever C# natively supports

You can build KDF based on SHA2-256 like PBKDF2-HMAC-SHA2-256

It's more resistant against offline attacks

so its more computationally intensive?

thats fine actually

And PBKDF2 for example accepts salt as second parameter so it's additional level of security

Yes, this is the case

does KDF use salt?

In PBKDF2 you have iterations parameter

By default as far as I know

nice ill look into it

PBKDF2 uses salt and Argon2 too

There is something like HKDF too

thanks 😄

Your welcome

SHIT i just deleted my GUI

damn i guess il start again, i hadnt implement much code yet anyway

Use git or something

ah it just restored for some reason 😆 damn im a mess today

https://i.imgur.com/vm5qQaJ.png lol i spend the night trying to bot my teacher website comment section

now ima spam "Use recaptcha!"

uh

right

Does anyone have any cool projects that I can do? Security projects

the last project I did was a GUI that takes in credentials and stores them in a database with the password hashed in argon2id using SQLAlchemy ORM

it has register, login, and logged in windows, it's mostly just for if I forget things in the future I can come back and look at my code, but I don't know what else to do

I was thinking maybe an E2EE chat app?

maybe if I do make that I can merge it with the project I just finished that I just mentioned

that'd be awesome

anyway, any ideas?

please help
why cpp's socket is slow at sending?
it takes 15-30 seconds to send 65535 packets
compare to python, it only takes 3 seconds to send the same amount of packets
please help
(udp protocol)
The reason I am doing this is to brute force all possible port to perform udp hole punching to bypass nat

hey! anyone wanna join me asap to solve some CTF taks! thanks

#❓｜how-to-get-help

@frail kite Basically it is guaranteed cpp would be as fast or faster if the appropriate libraries were used as intended. Your code spends most of it's time waiting for something.

Python's sockets are a relatively thin wrapper over the operating system's socket syscalls, but C++ gives an even thinner wrapper. If you perform the same operations, C++ should do them strictly faster.

why is this a grabify link?

@rotund yarrow

what?

can a moderator delete that

please help

https://hastebin.com/ucimitugez.cpp
why code 2 is slower than code 1

python version

#code 1
import socket, time
s=  socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
t = time.time()
for i in range(1,65536):
  s.sendto(b"hi", ("127.0.0.1", 9000))
print(time.time() -t) // only 3 seconds for me
#code 2
s=  socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
t = time.time()
for i in range(1,65536):
  s.sendto(b"hi", ("127.0.0.1", i))
print(time.time() -t) // 30 seconds for me

@frail kite in the first code you are sending about 120k bytes to 127.0.0.1 on a particular port
in the second code you are sending 120k bytes to 127.0.0.1 on 65 thousand different ports

and its not a security related question so next time post a question like that in another channel

@thorn obsidian this is the same problem

not in C but I write this in python

and udp is connectionless

thus, it doesn't make any sense

It seems to be not a problem if you test it on unix

but I tried on my 2 window machine and the performance issue occurs on both of them

why are you so concerned about this

udp hole punching

timing is important

you can try this code for you self and the difference is not much

but why it run so bad on my machine

?

hi, how to protect my code from being read ?
is there a way to encrypt it and still easy to run ?
is pyinstaller very secure to do that ? or there is another way ?
when using pyinstaller it generate a VERY BIG exe File !
any suggestion or help ?

even if its udp I would strongly assume that sending the same packets to 65000 different ports via UDP would still take longer than sending the same exact packet times 65000 to the same port

there really is no way to prevent your code from being read/disassembled whatever language you use

and pyinstaller makes it harder for people to read your code but definitely not impossible

why do you want to do this

i want to write a software that transmit data to clients in secure way .
then in client side data should be decrypted some how to be used later. so maybe some one can figure out how to decrypt data by reading the code !
so how could it be ?

well how are you decrypting the data

are you storing the secret password on the client

yup . a part of it . i can send the other parts from server . as a changeable one.

that's a bad idea

you shouldn't assume that anything you send to the client can't be discovered by them

i am agree with you .
so how could i make my data secure ?

i think the way you're doing the transmission is a bit flawed

are you trying to send a different secret message to each client

and verify that only the right client gets it?

all clients are the same for me ..

so how is it a secret

is the distribution of the program limited to people you want to receive the messages

sort of ,

my program is [Scientific Program]
i used to create a python Env and feed it with readable scripts.

when sharing it , anyone can use the code or modify it ..
i want to make it harder to be read or hidden if possible ..

so i asked about how to hide or prevent others from reading the code ..
or compile it in a simple form not very big Size file
so what do you think?

guys how do install pwntool (python lib) as a linux CLI

any one here a experienced ethical hacker?

pls text me

pip3 install pwntools?

Im not even gonna lie that name and those messages makes you seem like a skid. 🤣

plus the pfp

Yea...

I'm trying to make a program where you can connect to another machine using sockets and communicate with them and I want to do it securely, so I want to establish an encrypted connection with the client, like End-To-End encryption

Use SSL

is there any good easy to use libraries out there that I can use for my program that encrypts data?

What do you use to send data?

I wanna send it over a socket connection

just socket

You can use https://cryptography.io/ if you want to build something on your own

Nah I don't wanna build it on my own

I'll just use SSL

checkout http://docs.pwntools.com/en/stable/

what is this?

Is this for pentesting?

yes

Anyone know if fail2ban detects illegal path traversals?

@thorn obsidian this channel is related to pythons ecurity, what you are asking would be better in an off topi channel

!ot

oh, sorry for the interruption of the topic, thanks for the info

how i can obfuscate my python code?

Quick look at Google and I see that you can compile your code into byte-code and distribute in this form
https://stackoverflow.com/questions/3344115/how-to-obfuscate-python-code-effectively/7418341#7418341

but

with that

i still can make my .py an exe?

pyinstaller generally needs a py file

why do you want to obfuscate your code

what

thonk

do you know what "skid" means

Merry Christmas Everyone. Keep Safe.
Also thanks for everyone helping me too when I need help with coding.

Merry Christmas x 🎄🤶

Guys what Script do i need if i have a bitlocked usb Can someone give mt the script to un lock it

You can't remove bitlocker encryption without the key

it would take more than a billion billion years with the world's fastest supercomputer

Hashcat has BitLocker mode since 31 Dec 2019 so you can try to break password

But it's kinda offtopic here

i dont have the key its for my customer but i dont have a script lol i was wondering if there was a pythoon script

as I said, I could give you a script but it would take a billion billion years if you have no idea at all what the password is

and it's secure

Try to ask NSA #joke

NSA only have $ 290 millions per day to spend on spying people

Do you need to know data structures and algorithms for cybersecurity?

if you have that amount of money

?

You should but it depends

@lapis radish Yeah I think if learn data structures and algorithms then This would benefit me for problem solving you know what i mean?

It can help you ofc

it's conspicuous

For example if you are a pentester and you are trying to break some code (like app for mobile devices) knowledge about data structures and internal processor layout can be helpful to find vulnerabilities

@lapis radish absolutely right

I like that example

👍

sha512 hash starts with $6$ right

sha512crypt, yes

waut

anyone have ideas for cyber security related projects? I already made a portscanner and various other things im just bored now

lol same

I finished my login/register program and I'm bored now

I don't know what to add to it anymore

maybe a UI? But I'm more focused on security related things

security! security!

@sonic drum code some exploits

where is the cryptography section ?

You can ask here

Let's say I have implemented token auth for my web application.

Could a user theoretically brute force the token stored in the cookie, until they match the token of another user? Then be able to log in?

Brute force is always an option

So tokens' space should be big enough that brute force is wrothless

@lapis radish so, long tokens to ensure that there are a load of possible combinations, therefore making brute force take exceedingly long?

Yep and chance to get token used by another user is small enough

what does a port scanner do

scans any open or closed ports on a target machine

You can implement DES and attack using differential cryptoanalysis

It's nice introduction into block ciphers and cryptoanalysis

Why is this channel dead today 😞

?

Some people know scapy here ?

I know scapy a little

do you know what it said like matplotlib not imported and also texte smth ?

like i use matplotlib for jupyter notebook

How is it related with scapy and security? 😂

it's on scapy

when i load scapy

i got those two messages

this

but i've installed both

check python versions

and venv

how do i check venv on linux

for python3 --version i have 3.6.9 and python --version i have 2. 7.12

how are you running scapy

and run which scapy and which python3

hmm to launch scapy i do sudo scapy

why sudo

also it may be using a different python install somewhere

i am following the scapy documentation where they do " sudo ./scapy "

but since ./scapy doesn't work i just do sudo scapy

i see

what did which scapy and which python3 output

for which scapy : /home/tom/.local/bin/scapy

and for which python3 : /usr/bin/python3

Is there any non terrible way to do PGP operations in python

Haii, can i ask where should i start for studying security?

everytime you use a requests.get

the site counts as a "viewer"?

@patent lion ah then you need to sudo pip install matplotlib

since otherwise python wont read from ~/.local/lib/site-packages

where i assume matplotlib is installed(by default)

hi how can i ethical hack?

Hey @pallid epoch, we don't allow talking about ethical hacking here, because we have no way of verifying your actual intentions.

When I do sudo pip install matplitlib he said requirement already satisfied

can cyber security be doneby py

Python can be/is used in cyber security

that means that matplotlib is already installed. you might not need the sudo though

also, your question is offtopic for this chanel

O

can anyone suggest a cool security project with Python?

What do you mean "cool"?

whatever cool means for you

Do you want to contribute, use or what?

i'll edit that: can anyone suggest a security project with Python where I could learn some fundamental sec skills?

You have https://cryptography.io/ where you can use cryptographic primitives, you have scapy to capture and manipulate packets

nice, thanks

do you have any personal sec projects with python?

I have few

Your welcome!

@lapis radish would you like to talk about them? I would be very interested

Grab some free help channel, it's kinda offtopic here

isn't this a security python channel?

We can talk here, this is not problem for me but maybe mods have different opinion 😂

talking about python sec projects in a python sec channel doesnt sound off-topic to me

Right.. So, what do you like to learn?

i would like to get myself into web app pentesting since it's a field with high demand

but i was interested in what you worked on

sharing your experiences

I worked with steganography and dictionaries generation for hash cracking

Mostly

wow, that sounds cool

personal projects or for work?

Steganography for my studies, dictionaries generation for work

There are good tools to generate dictionaries but there are implemented in different languages - like CUPP or duplicut

I don't have experience with pentesting but OWASP sites should be good place to start

You can implement simple backend detector (returns server's OS and HTTP server type and version) for example

thanks for the suggestions

i will look into that

Good luck

hii

anyone arround

Hey, no need to ask to ask, just ask

what do u do work or study

u

Wdym?

i wanna ask i m going for networking diploma and then cyber security diploma

i m free for 3 months

and i was just wondering i should learn those languages that should be helpful in my cyber security career

like python c and java

ig python is used for automation in security domain

and c and java idk

or any other lang

can u guide me

Yeah, that would definitely be valuable

I'd recommend you Python and C, but I'm not sure if learning both would be possible in 3 months

If you are motivated enough, I think so

Java is useless for CyberSec honestly

There's no real reason to use it

i m done with all my python basics i started a month ago

and i m thinking to learn python selenium automation and web scraping

rn

is it good

and also tell me other than this i should learn machine learning with python?

also i was wondering that when i would be doing that cyber security diploma i could learn all this at that time too what u say ?

No, that isn't going to be useful for CyberSec, at least I don't think

machine learning

Well, it depends on what is included in the diploma, if there's programming or not

yes so

no for machine learning

what after learning c basics

what all i can do with that and what i have to do with c for cybersec

C will have low level access to the computer resource, this is very important for some work

so for now i should learn python automation and c basics only

there?

what

I'd say get comfortable with both languages

how, i didnt understand

what do you mean by 'there?'

i was asking r u there

being comfortable with a language, u mean learning their basics and all the domains they are used ? @void aspen

can i have ur 5 mins pls

Not necessarily all the domains they are used in, it would be way too much

yeah

thats what i was wondering

Just know how to do some simple stuff in those languages

not to tackle real word problems

bruh u confused me

ok leave i will ask someone else, i will go with some blogs

how can I know ifmy machine

has something bad caused by a .py f

file

Check file source code

like a --verify

there is no way that can be ofuscado?

Obfuscated*

You can run virtual machine with suspected Python script and check any I/O operations or disk changes

how much it costs

Qemu has something named cow

What do you mean costs? Dolars, time?

dolars

Idk

Unless the script is obfuscated or encrypted in some way, I'd think code analysis would be the most direct and least expensive route.

if you have money

Assuming you have someone with moderate python experience.

which service would you paid for?

Right, obfuscated/encrypted code can "wait" for good time to attack

I fail to see how a service is going to provide that for you.

its not reallywrong

with my machine

As Morowy described, you can sandbox the application

and observe its behaviors

but even that is non-deterministic

You can build it on your own or find some cybersec analysts

since the program could do something harmful in 60 minutes or 60 years

or or act on some input that does not exist in your sandbox

there may be static analysis tools that will do preliminary analysis

but again, whatever they spit out will probably require you to dig into the sources for usable details

is this a post mortem analysis?

yeah

That script is the least of your worries.

worries about what?

The fact that it exists should be your primary concern.

I assume it's a root kit or some kind of bot client?

something like that

im not interested in my machine

but in the info

You mean data exfiltration?

I mean

I wanna know if I can afford

Afford what exactly?

whatever

piece of information

Hiring someone to provide full forensic post-mortem?

yes

$ 20k ?

if it's not illegal I can pay directly

All I can tell you is that in 2006, our firm started at $10k for basic imaging and preliminary analysis.

I have no idea what the market looks like today.

There's nothing illegal about having someone image your compromised system and provide root cause.

I can afford it...

Well, you're asking in the wrong place. There are plenty of companies which provide forensic systems analysis.

yeah

o give it up

im not searching things

Have a nice day.

have a nice day too and a happy new year

i appreciate your attention

Hey @deep mirage!

Hey @deep mirage!

Here is an experimental encryption algorithm I have created.
It is not very secure, but it provides basic encryption and decryption with symmetric key's and parameters.
Type help encode and help decode for the command syntax.
https://paste.pythondiscord.com/alonilofaz.lua

It also says lua for some reason

But it is a python file

can someone help me with a homework problem, i am new to python and i really really need help

it involves a question regarding the vigenere cipher

You shouldn't ask for homework answers online.
It is considered cheating by most.

@balmy mural are you having problems with the cipher or the python? I can help you with either.

We have a policy against giving answers to homework problems, but not against helping with homework problems. Doing the work for someone else is cheating (and defeats the point of the homework), but helping someone to understand the problem and to work out the solution is teaching (and that's the point of the homework in the first place). And for homework (as opposed to tests, for example) use of external resources is usually allowed.

Is "never trust the client" a good way to go about security?

It's always a good way

Never trust user input

Always check both sides of the one way road

In real life too

Okay, so matter who uses my product, no matter what they do, it is not trusted

alright yeah

that makes a lot of sense

🙂

if a person uses a credit card from a foreign person in USA, for example

that person cannot be judged, but in case of the adress bill are in USA

getting a mandate is difficult to put that person in jail?

i was talking to my comp sci teacher earlier this sem and he told me that using plenty of exec() in my program may cause security issues as the inputs may be processed as code?

does any1 know more about this and can tell me a bit more about it?

exec makes you vulnerable to what are called "injection attacks". If you ever take input from the user and wind up passing it to exec, it could wind up doing anything that the user wants - writing or deleting files, making network connections, etc

eval has the same problem. People frequently use eval to make a calculator, by doing something like:

num1 = input("first number?")
num2 = input("second number?")
print("Multiplying them gives:", eval(num1 + "*" + num2))

but the problem is, what happens if the user doesn't type a number, but instead types print("Hello world") for instance?

!e ```py
num1 = 'print("Hello world")'
num2 = '5'
print("Multiplying them gives:", eval(num1 + "*" + num2))

@rotund yarrow :x: Your eval job has completed with return code 1.

001 | Hello world
002 | Traceback (most recent call last):
003 |   File "<string>", line 3, in <module>
004 |   File "<string>", line 1, in <module>
005 | TypeError: unsupported operand type(s) for *: 'NoneType' and 'int'

note that it ran the print("Hello world"); you can see it there in the output.

so if instead of print, they were to start a new evil process, let's say, you're going to have a bad time.

You should never use eval or exec on any string unless you already know exactly what it contains, and that it doesn't have any untrusted user input mixed in.

the "use eval as a calculator" thing is fine, if you make sure that the user gave you a number, only a number, and nothing else, for instance. But it's unsafe if they're allowed to enter anything at all.

can someone tell me what account leeching and slayer leecher is?? can my account get "leeched" or hacked???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

icic, got it ty

@olive iron

https://www.bing.com/search?q=account+leeching+wikipedia&qs=n&form=QBRE&sp=-1&pq=account+leeching+wikipedi&sc=0-25&sk=&cvid=E5C6CA7012164C99B1061A30A5571D67

very simple

you have the internet, this is a programming discord, not google

in your case bing

is there anyway for one way encryption
eg: encrypt string with a key, cant get the encrypted string back
but you can re-encrypt the same string with the same key and get the same encrypted string

I think you can do that with UUID5

>>> uuid.uuid4()
UUID('e817d382-e08c-4351-a1ba-1db2a25207ff')
>>> uuid.uuid5(uuid.UUID('e817d382-e08c-4351-a1ba-1db2a25207ff'),"hi")
UUID('38f9b040-a72c-5027-945a-fcc9f71a6274')
>>> uuid.uuid5(uuid.UUID('e817d382-e08c-4351-a1ba-1db2a25207ff'),"hi")
UUID('38f9b040-a72c-5027-945a-fcc9f71a6274')``` is this what you mean @weary hull

UUID('e817d382-e08c-4351-a1ba-1db2a25207ff') is the "key"

and you can use UUID5 and the UUID4 key to "encrypt" a string and get some other UUID, like hi with the key of UUID('e817d382-e08c-4351-a1ba-1db2a25207ff') will get you UUID('38f9b040-a72c-5027-945a-fcc9f71a6274')

if you choose a different key, it'll be different

Well conceptually it's a salted hash

Or alternatively asymmetric encryption with an unknown private key

uuids aren't cryptographically secure afaik

but yeah thats basically hashing

https://en.m.wikipedia.org/wiki/Cryptographic_hash_function

https://docs.python.org/3/library/hashlib.html have some common hash functions, but most of them are pretty weak by modern standards.

Hey guys, I converted my python file to executable using pyinstaller, and Windows Detector among other various security software is detecting it as a virus, how to fix this?

guys need help... working on a web scraping code with selenium. the website blocks bot action but grants access to manuel input. what can i do?

It will generally show that for any unsigned exe downloaded from the internet. There is some links to various resources and such here : https://stackoverflow.com/questions/48806909/how-to-pass-the-windows-defender-smartscreen-protection

!rule 6

ㅐㄴㅅㆍ

Hello, Is there any way to have Voice Identification (as a Biometric) in Python?

@civic bolt You need to get some samples, create models and compare audio from microphone for example with your models, stored somewhere

I have some examples from my studies and we worked with LPC and MFCC methods to extract data from audio samples

the problem with malware generally isn't that it takes more than 20 lines

Hello @mental relic, let's not share articles about malicious projects please

Hello, Is there any recommended library for handling and interpreting CTI Sources . I have been looking some for my open-sources project

I dont think there is a way for them to do such antibot protection since with selenium you can simulate human activity very well. So the mistake, in my opinion, is that you are not interacting with the correct element. Try setting .value attribute or using .sendKeys()

And try to interact with every possible element in the area of the text bar

Thats how I solved similar problem to yours

@violet light detecting bot-like activity is very easy, its what recaptcha does

also check the user agent

You could also do what WAF's do, they usually check for mouse clicks, user-agent, ip (whether it's a proxy/vpn), how long you've been there, the cookies, etc.

Yes but I used undetected chromedriver

You can either use this ore edit one variable of chromedriver in hex editor

And with undetected chromedriver it is hard for websites to detect you. They may give you a recaptcha, thats true, but they dont know that u are a bot for sure

Undetected chromedriver can bypass even instagram anti bot protection

So I doubt that the website inputs are blocked for bots

I think thats not the reason

Best for me would be if B2_Code_B2 provided me with the website he wants to bot so I could figure out whats going on

Just wondering can i make a .py file "non crackable" i want to give my friend my tool but i don't want him getting the source 🤔 (tldr:how to make .py to safe .exe)

why don't you want them getting the source

does it have a secret in

or is it just about protecting the code

Anybody always can make reverse engineering of your exe...

You can use Pyarmor if you don't know much about obfuscation. Pyarmor can be reversed (heck I've done it myself), although it gives a relatively strong protection for Python files. Otherwise, you can create your own (you can take notes from Pyarmor), but, only do if you know what you're doing. If not, it'll be really easy to reverse it.

Alright, thank you for a proper answer.

👍

Anyone have an idea of what else I should add ping me if so? Really just covers the basics here. (This is just something I'm doing for fun, probably won't use it in any project) https://i.imgur.com/UwRJh96.png

wtf is "undetected chromedriver" @violet light

anyways it looks like it just patches window.navigator and console.log(why?)

plus enable a few flags

still can be detected

also

!rule 5

and that bullshit with a "hexeditor" makes you sound like a skid

@thorn obsidian actually i'm pretty sure what you're asking is how to compile your program.

obfuscation is also another preventative measure you can take if you suspect your friend will try to reverse engineer your program

but yeah you can compile a program in many different ways, there's apps like auto-py-to-exe that'll do it for you or you can do it yourself via the cmd terminal

What? No

It really is undetectable

just search it up bruh

like I was able to be undetected on a page with Cloudflare

selenium chrome driver is detectable because it has some string in it with a certain value if I understood it correctly, and the websites can easily check the string. You can edit the string chromedriver so the websites wouldnt be able to see the difference between normal chrome browser and the chromedriver

https://stackoverflow.com/questions/33225947/can-a-website-detect-when-you-are-using-selenium-with-chromedriver

Also please do not be toxic towards me, thanks. I am just trying to help that guy who needed it. Plus, I am not helping him breaking the law. I said that he should try to interact with different elements.

this line of code var_5 = subprocess.check_output("dir", shell=True) works as a python script, but when I convert this into exe, it just dont work

try:
            var_5 = subprocess.check_output("dir", shell=True)
        except:
            await channel.send('error occured')
        else:
            await channel.send(file = discord.File(io.BytesIO(var_5), spoiler=True))

I wonder if undetected chrome driver breaks the fifth rule 🤔

I got so many good ideas, like auto join to remote school classes

Yeah, it does break the 5th rule

Is undetected chromedriver illegal??

It is against most ToS, yeah

Then why is it so commonly used among web botters

ahh

okay

HEy there
Does anyone know about Nginx ??
I am being unable to block an automated web request. I used the deny <ip> in the location directive but nothing happens
I still see the <ip> in the access log

What do you do and what do you want to achieve?

@lapis radish Want to restrict an IP from making GET requests

It's making those requests using cURL

https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-tcp/?__cf_chl_captcha_tk__=1581bcf419e852ba606840f2aa7ff5c8d0cdb1ae-1609789425-0-AclbIKHDjZAdWjfd1FBsPM0kfC4qk3Gl_qbZIcNTlq3C0aCXA6vFuIvR0a7jkL_ovsa7RexmKuwlXMZNXpLrkFXM9tw5H1S5Z5JnX4AT5GLurNhEpPWJ3MHqzkyCt8B-YSCT1FMV6rpjbgHz2liXz4C1Aw57BNFY5kOILcrq85L2XYLUL_ohLbU6MaZ1dBibFpRyhw3bAmENcDjS_5kghnkjKkZjcuOv_CA5DmkO7ag0r2xJ1ddYaH4ND8AyZbZNBvfeNwGYQS4qEkSaAVV1VCG0Yh-LpyG8MH9gjXXe3_Wvkpkv2Q5E2v9Z71DHwHDPTwAQEGMuCGUDUinMZO6_wiyRkPC1BauJFsHcxbPgWa6SugGDHZ2KFlE4dzQEuiW5KP6Pr1YqZZLhEHpcjCxmcaAJMdA4oOfnFcO7ymPBg45hhJ1hdCJx7HsobGZqBeQy3m2_75TC5NbOkg6UJHnNj8JzQ1tVSjmXHKGf8mJD4eAabcaO2cuJuhdsSAQv4fL0QbL-C07ZarIPfMuKsE0tUk2beWWpcLsVIuK8ETI9m7bdfkpg90nu2wKjU6aceDuowcnZf4aPGnUNz93B0RFO8qvIpD7KLUYPLNDBKknc2cH9YWy4-XJDRamQjqOs-eZcG4e2z0odzBsnPBBxrQUMOH54FS1d3WcixghS7Uzxwjke

I followed this

And deny the IP at various places

Like location / {}
server{}
http{}

But IP can still make the requests somehow

There is info that allow and deny should be in stream or server blocks

Do you restarted nginx after changes?

Yeah

I did

Yeah, deny was in server block

Can you paste some code?

I restarted, reloaded, force-reloaded the server

Send the code

I won't be able to paste it.....

I shit down the PC and now out for a walk

So why you think that it's not working? Have you tried to block your IP?

I should have tried to deny all the IPs

No

Block yours and try to enter

That just entered the theator of my imagination too

deny <your ip>
allow all

Will try and let you know.
Will it be okay if I msg you personally later ?

Try to put it in the server block, restart nginx and we will see the result

Probably will do after a few hours

Yes, you can msg me tomorrow

Yeah, will do

Coll

*Cool

But I am not master of nginx

Oh, then you can suffer with me.

Okay, good luck then!

Ohkay bye