How do i can learn windows api, linux api ?

I mean i need a something like tryhackme.com

Hey, THM has rooms regarding the Windows API

For Linux, not too sure. You might have to buy some books or a specialized course on that. Nothing is off the top of my head right now so I can’t give you a recommendation

Uh, Can you give me some examples ?

Also im checking and researching THM rooms regarding the Windows API

You can find them via the search function in the website

Tbh, I cant find

Just typed "Windows API"

I used right now google and i did it

Just search "API" for better results on THM, adding the keyword "Windows" gives you a lot of unrelated rooms

Yeah, I just googled it and I found it

Cool

Actually it was the easy and best way to find the "Introduction to Windows API" THM Room

By Google

Google is great and that is a pretty good room too

Is there have THM room about "Google"

haha, there is a Google Dorking room, bit surprised there isn't a Google Fu room though

I think there is about Google dorking and how web crawls work. And Google research room

Oh yeah I guess Red Team Recon covers Google Fu and a lot more, forgot about that one

I see

Yeah

this explains this part of programming so neatly

I actually needed this

new to programming what language should i start with

Whatever you're interested in/ need the language for

But that's probably not the answer you're looking for so Python or C

Really depends on the things you want to do, but overall I suggest Python and Javascript, if you want to build bots then C++, Rust or Go

nobody likes Java it seems 😉

shadow likes java as that was their main object oriented language

BurpSuite is deprecating python plugins at some point in the future, their Java API is going to be only (eventual) way to write extensions

guess you can't move to kotlin full time yet

you probably could tbh

it's all bytecode in the end

can you just import dependencies from gradle into a kotlin env?

you can yeah

you can use gradle for everything else too

Interesting. Could do it in kotlin then

does quarkus function the same way/

?

probably

I just include the deps

sec

plugins {
    java
    id("io.quarkus")
}

repositories {
    mavenCentral()
    mavenLocal()
}

val quarkusPlatformGroupId: String by project
val quarkusPlatformArtifactId: String by project
val quarkusPlatformVersion: String by project

dependencies {
    implementation("io.quarkus:quarkus-resteasy-reactive-qute")
    implementation("io.quarkus:quarkus-smallrye-jwt")
    implementation("io.quarkus:quarkus-smallrye-jwt-build")
    implementation("io.quarkus:quarkus-mongodb-client")
    implementation("io.quarkus:quarkus-liquibase-mongodb")
    implementation("io.quarkus:quarkus-security")
    implementation(enforcedPlatform("${quarkusPlatformGroupId}:${quarkusPlatformArtifactId}:${quarkusPlatformVersion}"))
    implementation("io.quarkus:quarkus-mongodb-panache")
    implementation("io.quarkus:quarkus-resteasy-reactive-jackson")
    implementation("io.quarkus:quarkus-arc")
    implementation("io.quarkus:quarkus-resteasy-reactive")
}

for example

Hmm

that was autogenned by the tool IIRC

Curious about your opinions on something! I have a github account that Im going to be sending out to employers etc. I have a bunch of public repos. These are personal projects and they kind of.. not always reflect how I would work in a professional setting 🥲 'c-c-c-changes' commit messages and stuff like that. All of my professional work is locked in private repositories. Do you reckon I'd be better off hiding repositories that are not quite up to professional standard or do you think employers would prefer to see the enthusiasm for code with a variety of passion projects?

I almost want to make a whole different repo when I think about showing them my current one

haha

but if that's not possible, and it's not offensive, I think it would depend on the employer

it's definitely not offensive at least

Pretty sure we've all seen "improved things" type of non-descript messages

'updates'

also I don't really want them to know I'm "feath3rz"

imagine the info they will dig on me ;_;

hmmmmm

I think I might just... maybe set some to private and revive others a little bit to a decent standard. Gonna be some work though but thats OK

I'm learning java this term, I feel like it would be much easier to learn java if you know C first. Good introduction into OOP though

I'm new to cybersecurity and also programming. Does anyone know the best way to do multiprocessing when creating a program that is single threaded? I'm building a wordlist generator (https://www.github.com/fillup99999/hashorpass) it's in Python3

Code quality more important than commit messages imo

C or C++?

I don't know C++ but now that I think about it an OOP version of C would probably be closer to java

Java's base syntax is close to that of C, but there is a lot more

For python I'd use https://docs.python.org/3/library/multiprocessing.html

I want to send packet to GDB server that will set the breakpoint and append the condition at the end. The packet should look something like this:
Z0,5585e0221261,1;X12,26000622100222ec16080219162022141327
and explanation for the X... part is:

‘X len,expr’
len is the length of the bytecode expression and expr is the actual conditional expression in bytecode form.

in the provided case the condition I set was b 20 if i == 20, how can I create this X... part?

i'll be starting with python and c++

Strongly recommend you start with 1 language first, and get reasonably comfortable with it before learning another. Learn the programming constructs first, then it's a matter of syntax.

thanks for your suggestion

Gave +1 Rep to @magic falcon

resume

I js got it

Thanks @surreal bronze

Gave +1 Rep to @surreal bronze

Any opinions on shifting from python to Go for scripting?

Standalone binaries makes it pretty attractive

Go isn't a scripting language.

The point of scripting is that they are portable and not compiled

Oops

Hey, whats a good website to start with python

Could someone help me with finding an error (Or errors) in my python script? When I run it through the CLI it either hangs and I have to ctrl+c out of it or it returns errors but doesn't say what the errors are

Traceback (most recent call last):
  File "/home/ignor/Desktop/Python Scripts/nocat.py", line 134, in <module>
    nc.run()
  File "/home/ignor/Desktop/Python Scripts/nocat.py", line 27, in run
    self.listen() #If a listener is setup, call the listen method
    ^^^^^^^^^^^^^
  File "/home/ignor/Desktop/Python Scripts/nocat.py", line 62, in listen
    self.socket.bind((self.args.target, self.args.port))
OSError: [Errno 98] Address already in use

^This is the error, not the code

This one says the address is already in use (not entirely sure what that means but I can use a different IP/Port and it'll hang or just point to stuff, give a line number, and say nothing else)

I can paste the code but it's a bit long and I don't want to spam

That one means that something else is already listening on that port

What about this? ```└─# python3 nocat.py -t 127.0.0.1 -p 443 -l -c
^CTraceback (most recent call last):
File "/home/ignor/Desktop/Python Scripts/nocat.py", line 134, in <module>
nc.run()
File "/home/ignor/Desktop/Python Scripts/nocat.py", line 27, in run
self.listen() #If a listener is setup, call the listen method
^^^^^^^^^^^^^
File "/home/ignor/Desktop/Python Scripts/nocat.py", line 66, in listen
client_socket, _ = self.socket.accept()
^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/socket.py", line 294, in accept
fd, addr = self._accept()
^^^^^^^^^^^^^^
KeyboardInterrupt

Do the arrows pointing to specific spots not indicate there's an error?

This one was hanging so I pressed ctrl+c

Hence the interrupt

I'm currently letting it hang for the maximum amount of time to see if there's a different output when the max time runs out. It's supposed to send an error message

Seems like it was waiting for a connection

Can I DM you the code? It's an easy/medium level project that I'm following and adding to. It's a custom NetCat tool. I have a bunch of comments to describe each block which helps me learn it all but I'm a bit stumped

Bit busy atm

Trying to debug some code that sometimes works and then always works with the debugger attached

race conditions like that are the best

I'm not sure it's a race condition

The maven command passes in the ide and fails on cli

Same command

Might be some shenanigans though, testing a few more things

No worries, I'll continue on to my next thing in the meantime! Which I think is scripting a tunnel

Welp that didn't work

If I run the test solo, it passes, if it's run with all the others, it fails

I'm still very new at programming but is there a way to debug compatibility between multiple scripts?

Eh?

Running a program that runs with other programs and fails only when it's run with other programs

Is there a way to test compatibility between programs

I may just be adding to the confusion

Automate a test case and work out how to tell that it works or not

Ah okay, trial and error

@brazen eagle I got it to work!

gj

So after trial and error, I was able to figure out that I needed to push the connection from both ends instead of one end

So I just ran two CLI's and found some spelling errors, corrected them, made a connection with my python tool and was able to run commands through the tool and into the target CLI

Woot

Now to write a TCP proxy

Gave +1 Rep to @tranquil flame

anyone else feel like video tutorials on programming are a waste of time? I paid $40 for a month's subscription to a website (a very good one by the way), but just realized that - in the end, unless you're actually coding things, and trying out the software for yourself, you're basically just entertaining yourself with the illusion that you're being productive, ha

imo ditch tutorials and just get coding ( as soon as you feel like you can ). Official doc tutorials are fine to set up your project ofc though

there are some good tutorials out there probably and its fine to watch them sometimes

but I mean drop the hello world tutorials and follow along ones. Official docs usually walk you through that just fine!

for sure, ha

how are you dolphin?

its going. haha

been doing a lot of programming though so thats nice 8) how are you?

i'm doing okay. today was kinda exhausing, but i'm home now. so, just have some music on, and am setting up a domain with hosting i purchased recently

ooh fun!

what kind of tutorials were you doing btw

Svelte. I'm trying to up my frontend game, ha

nice, I havent done much Svelte yet

how do you feel it compares to other frameworks?

it's my first one, hahaha

ahh ok

not a bad choice I think. Its not that big yet ( relatively ) but I hear a lot of positive things about it

you using tailwind with it?

no, not yet. honestly, i'm super new to this framework stuff. i mostly do backend, but i am full stack, but the frontend i've coded is seriously legacy. just html, css, and javascript, ha

I think they go sort of hand in hand or whatever. I always hear that combo in any case

yeah, i really need to get up to speed on modern frontend dev

wont be too hard for you I reckon 😄

for sure

do you have a fun project to work on while learning?

yeah. i need to make a website for myself. part of my personal brand or whatever, ha.

fun!

yeah, tbh, i'm really good at backend, but once i get better at front end, i'm thinking about starting my own business, but don't tell anyone haha

haha

you could do freelancer BE already probably right

get lots of $$$

yeah, but i kinda' want to get better at all of it. and also, in order to do business, i need to register a business plan with my city, which is kinda' involved. haven't done the market research yet. but you're probably right, and i appreciate your encouragement

let me know when you're ready to hire a FE dev for your business 😉

hahah

hahaha, for sure, that'd be awesome, thanks

btw, you mentioned you're coding some stuff right now. what sort of code are you working on?

its a little like a series of small projects that are connected

a while ago I started building my own 'style library' ( it's more of a foundation to kickstart new projects and take care of all the boring stuff ) and I wanted to eventually build a ( native web ) component lib on top of that. No templates, no nonsense, 100% vanilla. So right now im building a form module

its becoming quite nice

imo

I also needed to build a form for work so I decided, why not work on it as an independent project and then use it later on for work :p

for sure, that's awesome!

4 birds with 1 stone

lmao

haha

i actually thought about doing basically the same thing for my business. it's so important to have your own (non-employer owned) codebase to use in any use case

like, just pick and choose re-usable components

it can certainly be helpful yeah

save a lot of time

especially fi you just want an in-house library. Your own style. But usually its more advantageous for businesses to use something more common like React + Material UI

eaier to maintain and hire for etc.

totally.

and actually, after talking with my coworker today, i decided to switch from Svelte to React, simply for a more mature framework and industry support, even if it's a bit clunkier

also a good choice. React is everywhere

yeah, exactly

my coworker also got me interested in Golang. have you messed around with that at all?

like, for backend work?

no, Ive only really done some Java a million yrs ago. I dont really do BE unless its node hahaha

ah, i see. no worries

am intereted to do so in the future though!

that's cool. yeah, it's not too bad once you get the hang of it, at least for CRUD-based apps. things can obviously get way more involved than on the frontend, but i honestly think that's kind of what makes it interesting

but i think it would be awesome to get good at both, if that's even possible, and be able to make tons of money delivering entire websites that are up-to-par with modern standards

that would be amazing indeed. My plan is first to be mostly FE focused for a few more years. I feel I very much have my hands full on keeping up with that and achieving proficiency

and then later on, we'll see 😄

hahaha, oh man, that doesn't bode well for me, jk lol

(learning frontend next, haha)

its easier if you stick to specialising in 1 stack / framework

true

but I havent so. lol

hahaha

React is a good one

thanks, my coworker also recommended NextJS

yeah that will be good

nice.

I had fun with Nextjs + Prisma

hmm, haven't heard of prisma

its an ORM that is used with NextJS a lot

ah, i see

Vercel also have this.. what is it called... I havent used it but they built some cool tool that lets you deploy your next app on some vercel platform super easily. it sounded cool as

Vercel made NextJS

and a few other cool projects

Nice. for sure, i just learned that today as well

oh wait I think im confused possibly

funny, because Rich (Harris?) the inventor of Svelte works for them! ha

no, pretty sure Vercel made NextJS

yeah no they are the creators of nextjs

yeah

I had never really done SSGsg

ssg

and was able to quite easily get into next etc.

SSG?

server side generated

ah, i see. speaking of that, have you heard of HTMX? I literally just learned about that today ha

😮

no whats that

lol

from my rudimentary understanding, it's like, a new html markup that has a special way of communicating with the backend, which does most of the heavy lifting. like, most of the frontend logic is moved to the backend, and you can just interface with it using HTMX. But I literally just learned about it today, so definitely do your own research, ha. I still need to learn more.

hmmmmmmmmm

reading the site now

Do you watch the Primeagen on YouTube?

Ive seen some vids yeah

but not intensely following usually

ok, cool, yeah, no worries. i started watching an interesting video on it today: https://www.youtube.com/watch?v=NA5Fcgs_viU&pp=ygUEaHRteA%3D%3D

It's Prime and Theo talking about it

I only got like 6.5 minutes in then my lunch break ended though, ha

so i'll have to finish watching

lets see

all im hearing is

'hey were gonna do everything ery differently again'

hahahah

LOL

yeah, Prime has a lot of feedback, LOL. it's a long video too

Here's the video I watched before that: https://www.youtube.com/watch?v=0Sgf6FSkNfY&pp=ygUjdGhlIHByaW1lYWdlbiBmcm9udGVuZCBtYXN0ZXJzIGh0bXg%3D

and btw, that's the website i subscribed too, ha

ahh yeah Ive heard of that one

i just canceled though. the content was amazing, but i've decided no more video tutorials, lol just hard work and coding

yeah

dont get stuck in tutorial hell

fuckin' a, exactly!

lol

hm. Id have to actually try this htmx first

my knee jerk reaction is 'no' but dont knock it till you try it I suppose haha

no, i understand why you would have that reaction. and frankly, i agree with it tbh. frontend frameworks help create smooth interfaces for large web apps, so I don't think HTMX is going to replace everything

it's just a new technology i learned about

yeah its still cool

always cool to se epeople come up with new stuff to do other stuff

yeah, it can be overwhelming though. there's so much new stuff like all the time ha

yep

and 90% of the actual jobs just want React / Angular etc.

so if you go with that.... you'll be good no matter what, haha

exactly

I like that guy with the grey sweater

no framework on frontend masters huh. Very nice, I approve

a little while ago I stumbled on a 2 page website that was using React. 2 pages with basically only text!!!!!!

ridiculous. To FE prison

Ooh I really vibe with him. I should check if they have vacancies 😂

That’d be awesome

The people there are very high caliber

Sorry, I stepped away to get some exercise in

I was just thinking that I’ve never written a barebones MVC framework and I’m a backend guy. I should probably do that. Granted, for things like two page apps, even that doesn’t seem necessary

thats ok haha

yeah personally am very much in line with the philosophy of that guy ( Marc? )

in-house we make pretty much all of our frontends without any dependencies whatsoever

this is of course not always viable depending on the project. But whenever we make a website or whatever, we do that

my boss wont even let me use SCSS

hence Im very well trained in web components. Not so much in frameworks, but building web components forces you to think about patterns and reusability etc. So a lot of that knowledge is also very valuable for whatever framework you will use, it's transferrable

I would recommend to do it if you want to git gud ( deep into web I mean ) but if you just want to be able to build a nice FE with popular frameworks ( which is valid also imo ) for clients / work, then maybe don't bother.

I've never done work for a client the way we do in-house projects for instance

We're stuck using angular for front ends and that never ends well

#enterprise

I think Angular is not a bad choice for large teams

enterprise type of settings

forcing everyone to work the Angular way

At least it's not maintaining a 3rd party bug-riddled AngularJS-based system updated a month ago which introduced at least 3 new major bugs...

When you say web components, do you mean just raw HTML, CSS, and JavaScript?

isn't angular deprecated?

or is that just angularjs

AngularJs is deprecated (eol even), not Angular.

thought so

Oh had that one too

Angular JS is dead and buried, in theory

https://www.webcomponents.org/introduction

It is a specific way of building components. You dont have to use web components when building a vanilla FE for instance.

I prefer headless components normally so I dont make use of shadowroot and templates for mine. Just using the custom element / module part of it essentially

Thanks! 🙂

Gave +1 Rep to @clear lodge

Hello people

Hello

can i make a python script that stores stuff without needing a website

for example: i put in "beepboop" into my login page or something
then it saves in my database and then i can call back to it with another script?

there are so many ways of storing information, you'd need to give us your use case

for example, you could store it in

• an SQL database
• a JSON file
• a CSV file
• a TOML file
• a pickles file (direct byte stream)

a simple login page

not for a website i just want to see how it stores and stuff

a login page, as in a GUI?

or a website

i made the gui already following a youtube tutorial and i made my own seperate version but idk how to make login logic nor store it

and idk if i NEED to learn html to try making a login thingy

nvm i figured it out i think i use sql

Im going to ask this question here because I dont know quite where it belongs, but I am trying to use UACMe for windows privilege escalation. I have gone to the github page where it explicitly says there are no binaries listed, and that you have to build from the source to prevent "script kiddies" apparently (written in c and im not at all familiar with it so I guess they got me). I am assuming if i need this tool in kali linux I would need the compiled binaries for actual functionality. In essence what im asking is how can I get the compiled binaries for this tool on my kali linux machine. It seems straight forward using visual studio on my windows machine but I dont know how I would transfer the binaries over to my VM.

Use the file transfer option

VMWare supports drag and drop

Also with Virtualbox (after installation of Guest Additions)

do you not use shared folders with your vmware?

You could also do that

I just drag n drop

my man i just spent 4 hours learning to compile c code in 32 and 64 bit and I have no one to share my accomplishment with so im glad youre here. Ill try the drag and drop. I am assuming its whileyoure logged in just drag it to the screen?

Yep

preach

You know what guys

you were right

the CLI is a better idea than the menu, even for my project idea

https://github.com/MohamedKarrab/ktool

Does anyone have experience with AHK script?

menus are terrible ideas

Yeah especially in the age of automation

https://www.youtube.com/watch?v=oMRpODeXzho&ab_channel=ChromeforDevelopers

some very nice updates for web dev

IDK if this interests anyone but I am working on a red team program and am looking for fellow team members, open source program upon completion. If interested or would like more info DM me. It is based around red teaming operations with AI integration

im using pymssql and i want to retrieve the primary key of the row just inserted, but nothing i do is working

def test(args)
    query = "INSERT INTO Assets (ClientId) OUTPUT INSERTED.AssetId VALUES (%s)"

    cursor.execute(query, args)
    self.connection.commit()

    return cursor.fetchone()

a = test(tuple("client_id"))

this returns None, rather than the AssetId of the new record (which i can verify was actually inserted)

if i change the clause to OUTPUT INSERTED.DoesNotExist i get an error, so it knows that AssetId is a correct column, but isn't giving me the data :c

Insert + select?

Probably wasteful though

yeah that didn’t work either unfortunately

i just opted for sqlalchemy instead

as this supports it

even though it’s using pymssql anyway

Orm good

reposting here

Hi can someone point me to the right channel for this question. How come does macOS discord, ledger live, notion, any electron app run with the --no-sanbox option. Isn't that unsafe? Should I be concerned?

It would have been more appropriate to ask in #infosec-general as it's more of a general topic. Are these apps sandboxed by default? Why would they need the --no-sandbox option? If you can find the documentation for mac os apps, you'll likely find the answer you are looking for

Some of the sub-processes (Discord Helper (xxxxx) ) are sandboxed. You'll see the same for Google Chrome. The main process is not sandboxed, most sub-processes (Google Chrome Helper) are. 🙂

Are these apps sandboxed by default?
Usually, the reason being it prevents malware from escaping the chrome process into the system
https://www.google.com/googlebooks/chrome/med_26.html a cool image explaining the concept
Why would they need the --no-sandbox option?
Sometimes in linux environment you can face some system issues that only allow you to run it --no-sandbox, however, that is not the proper fix. This feature is most likely intended use is probably for debugging

Here in an example:
USER 12312312 80.9 2.5 12312312 312313213 ?? R 6:32PM 0:16.06 /Applications/Discord.app/Contents/Frameworks/Discord Helper (Renderer).app/Contents/MacOS/Discord Helper (Renderer) --type=renderer --user-data-dir=/Users/USER/Library/Application Support/discord --standard-schemes --secure-schemes=disclip --bypasscsp-schemes --cors-schemes --fetch-schemes=disclip --service-worker-schemes --streaming-schemes --app-path=/Applications/Discord.app/Contents/Resources/app.asar --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --num-raster-threads=4 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1695717458390559 --launch-time-ticks=201267270808 --shared-files --field-trial-handle=1718373219636,r,154057531345987451718,24855323171759969884,131012172 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --enable-node-leakage-in-renderers

However, why discord engineers, would need so many non default options on production helper file is beyond me. If I had to guess it is an electron requirement

Probably it is to access the GPU for doing hardware rendering

or lazy programming 😉

Well, I doubt Electron is very clever when compiling, I'd assume that has something to do with all the flags as well... I'm not sure though, might be a Discord thing 😁

I just know that JavaScript bundlers usually are rather bloaty in general, and I assume Electron won't be an exception.

who uses python here

apparently the library are not being read T.T

will try to restart brb

?

do you use python

i am having this error

i checked my path

That means you haven't installed the module in any place the interpreter can find

have you installed it with pip?

are you using a venv?

yess, i installed

are you using an IDE?

bad timing, gonna presume you mean yes to installed and no to venv?

i am running it in the terminal

juust starting to learn

python

i strongly recommend you use pycharm community to learn from

it will make your life easier until you understand more about how python modules and environments and virtual environments work

python -m pip show pyautogui

does this show up installed?

yes

and then running python script.py, gives that module error?

yeaa

how did you install python? are you on windows?

yes

i am leaning it on windows to try on linuux later

you have complicated your life

yes

sorry

From what I read, someone had success in the CLI by using python3 -m pip install pyautogui

Probably better to do it the other way lol

Oh wait

I just... now read you're on windows

i recommend you create a debian, ubuntu or fedora vm and learn python in that first

yes i tried on my laptop it is working

but on my pc it is not is the os the problem

it will simplify the actual environment quite a lot, as windows does some stuff with PATH that if you don't understand how env vars work in windows, it will make your life much more complicated than it needs to be

the PATH i did that

watched many tutorials

none works

Did you reboot after saving the new env var?

yes

Then I'm out of suggestions for windows; if you were using a linux distro I could help you more.

Can you show a screenshot of that pip show command and then running the script please

That isn't the command I told you to run

ah wait

this one?

yeah ok

Why are you using mingw instead of just installing python for windows?

ah

AH

i installed it for C i did not know

Your environment is pretty messed up

okay now i know why thank you

Gave +1 Rep to @surreal bronze

Look into what Juun said, he knows what he's talking about

thank you also

copy

This is why I don't like troubleshooting windows dev environments that aren't Visual Studio 🙂

i will start using pycharm now thank you hahaha

if you are totally new to programming, pycharm is very nice - IIRC it bundles in the python interpreter in the windows version as well. I still think linux is a better environment overall for python, but YMMV

i am trying to run a scrpt that spams hello just for fun but i got frustrated and suddenly watched lots of tutorials for hours hahah btw thank you againn

Gave +1 Rep to @magic falcon

I want to 3rd using an ide instead of the terminal for learning. There are a lot of functions an ide will do automatically to take the burden off you currently. All stuff you have to learn later but if youre just learning syntax no need to over complicate it. I dont think pycharm has a free version anymore though

especially since with python youre not compiling so

pycharm community version?

pretty sure that is free

I didnt see the community version when i downloaded it

but they might have goofed me

https://www.jetbrains.com/edu-products/download/other-PCE.html

i have been goofed

just needed to google a lil harder

Pycharm community is still available - look for the 'Other Editions' link that is really hard to see

thats always the answer

I've got the toolbox subscription, i do not regret it

What kind of scripts do you guys find yourself writing that are related to hacking? My imagination doesnt extend beyond automation of system commands for this realm

I've had it since I graduated, even when I haven't had dev type roles, just because they make my life easier. And I enjoy writing code as a hobby as well

burp and zap extensions and plugins, data science, IaC playbooks

You write your burp extenssions in python?

you can do yeah

Is it using that jython shit?

if I recall correctly they have plans to drop support for it soon though?

yeah

I did before, the python system is now considered deprecated. Haven't learned the new Montoya plugin system yet

you can configure your burp extensions to explicitly use a different py interpreter than the built in jython

but the whole point of using jython is to reduce external dependencies

if you need cython performance in a burp extension, you should probably rethink the approach to what you want to do

Can you give me a functional example? Like what was an extenssion you wrote and for what purpose? Ive looked through a lot of there extenssion and a lot of em look very useful.

I don't publish my extensions, as my employer owns any code i publish

No i was asking your personal use ones

like your hobby ones

filtering for responses when doing a repeater analysis

ohhhh thats a good function

What's the difference between P-Hard and NP-Hard problems tho

There is no P-hard complexity category

P, NP, NP-Complete, NP-Hard

I'm interested to start learning it tbh, longer term goal though

it doesn't look too difficult. the most difficult part is goign to be learning the functions in the provided API

I have a secure coding question. It's a code snippet i came across in a book and it doesn't have a solution. I can't figure out what's wrong with the code, can someone see the problem?

 invalid_ip_list = []
        for ip in ip_list:
            try:
                if ipaddress.ip_address(ip):
                    pass
            except ValueError:
                invalid_ip_list.append(ip)
 invalid_ips.write(ip)
                invalid_ips.write('\n')
        return invalid_ip_list  ```

P.S. don't bother with indentation errors

Is there an error?

Apparently, yes.. I don't see it lol

No I mean when you run the code

No, it's not a code error. It's a logic error most likely. Some kind of security gap

I’m on mobile so I can’t really tell because the code is all over the place

@surreal bronze You love a programming problem

Are valid IPs being written to the invalid_ip_list variable?

There's not much we can help with without knowing the structure of ipaddress object

what is the .ip_address method

There's no other context sadly

well its then impossible to know what its checking for in the if statement

ip_address is within the ipaddress module afaik

the only thing I can think of is that

try:
                if ipaddress.ip_address(ip):
                    pass
            except ValueError:
                invalid_ip_list.append(ip)

the try/except won't pick up the invalid IP's that ipaddress.ip_address(ip) doesn't break on

so the if is vague here, that's the problem?

to be completely honest I'm not really sure, what does the book say?

Doesn't have a solution haha, I'm not going to spend too much time on this tbh

okay just move on

can someone screenshot the code

looks shit on phone

i have done an awful amount with ips and networking in general in python

It doesn't really look any better on Desktop

Or here is this

def validateip(ip_list):
 invalid_ip_list = []
        for ip in ip_list:
            try:
                if ipaddress.ip_address(ip):
                    pass
            except ValueError:
                invalid_ip_list.append(ip)
 invalid_ips.write(ip)
                invalid_ips.write('\n')
        return invalid_ip_list```

i agree with jayy without context it’s hard to know what is actually required

actually

i don’t think ipaddress throws a valueerror does it?

iirc it was some custom error

nvm jt is

https://docs.python.org/3/library/ipaddress.html#ipaddress.IPv4Address
docs for anyone wanting it

maybe there is no file handler open? if that’s all the code given it’s the only thing i can think of

Looks like possible tainted data is being returned as is

If it's a webapp, that can lead to reflected XSS, but that's making several assumptions as to where the data is sourced and sunk

Where is invalid_ips being declared?

Could be something odd there as well

It's just a snippet. There's nothing before or after what I sent here

I agree with the unsanitized user data input though

But again, it has to be IPs since that's already a check in the ip_address method.

About the file handler, yes, I asked ChatGPT and it did ask to use with to write to the file and close it thereafter. Seems like a trivial edit but it's all I got

Usually code snippets like that are just to demonstrate a concept, in my experience it's usually a mistake to copy paste snippets into a different context and expect them to run as described

Anyone else here because learning java in eclipse for the first time?

I wrote this for KOTH ```#!/bin/bash

__ __

| |--.---.-.--------.-----.----.-----.| |--.

| _ | _ | | _ | _| _ || |

||._||||_|| | ||||

|__|

Author: Bamorph

Year: 2023

Credit: John Hammond

Notes: John hammond used the base version of this code in king of the hill agains Optional and others.

The original code was to use the tty command to determin your own tty session and then

'cat /dev/urandom > /dev/pts/5' into someone elses pts session. the result is the other

persons screen being completly spammed by random data.

Get the current PTS (your PTS)

current_pts=$(tty | cut -d '/' -f 4)

Iterate through all PTS except the current one

for pts in $(ls /dev/pts/ | grep -E '^[0-9]+$' | grep -v "$current_pts"); do
echo "Spamming pts/$pts"
cat /dev/urandom > /dev/pts/$pts &
done```

#SOCKETS

import socket

HOST = '127.0.0.1'
PORT = 7777

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #af_inet is ipv4,     #sock_stream is a port
s.connect((HOST,PORT))```

any idea why this isnt working and throwing attribute error?

Use
```
for code blocks

umm i just did? :3

Code blocks look like this

hello

ah yes now its fine ig?

Works fine here

i cant send ss here else i wouldve

but mine's throwing an attribute error

!docs verify

Anyone interested in https://www.kaggle.com/competitions/ai-village-capture-the-flag-defcon31/overview ? Ping me if you are interested

http://learnyouahaskell.com/
neat site about learning haskell

neat site for learning a lot of things kinda quickly:
https://cht.sh/

this is meant to be accessed via curl

Hey Team! Looking for some quick help on this one!

I'm stuck on a coding challenge and would need guidance as I am not to good at this!

I have the following code snippet as seen below and would like to know how to start to 'analyze' to get the flag? Thank you in advance for all the help!

`<?php
include 'config.php'; // FLAG is defined in config.php

if (preg_match('/config.php/*$/i', $_SERVER['PHP_SELF'])) {
exit("I don't know what you are thinking, but I won't let you read it :)");
}

if (isset($_GET['source'])) {
highlight_file(basename($_SERVER['PHP_SELF']));
exit();
}

$secret = bin2hex(random_bytes(64));
if (isset($_POST['guess'])) {
$guess = (string) $_POST['guess'];
if (hash_equals($secret, $guess)) {
$message = 'Congratulations! The flag is: ' . FLAG;
} else {
$message = 'Wrong.';
}
}
?>`

Also, how do you post a code snippit like this to be beautiful in discord? 😄

use triple backticks

```$language_name
code
```

<?php
include 'config.php'; // FLAG is defined in config.php

if (preg_match('/config\.php\/*$/i', $_SERVER['PHP_SELF'])) {
  exit("I don't know what you are thinking, but I won't let you read it :)");
}

if (isset($_GET['source'])) {
  highlight_file(basename($_SERVER['PHP_SELF']));
  exit();
}

$secret = bin2hex(random_bytes(64));
if (isset($_POST['guess'])) {
  $guess = (string) $_POST['guess'];
  if (hash_equals($secret, $guess)) {
    $message = 'Congratulations! The flag is: ' . FLAG;
  } else {
    $message = 'Wrong.';
  }
}
?> (edited)

Looks better in the PHP codeblock.

I'd get rid of that end part)

Copied too much 😂

Much better thank you

Gave +1 Rep to @lyric mirage

This issue has been solved now, thank you

anyone ever feel like they're on an endless merry-go-round of bullshit that just won't stop? like, learn this language, oh wait, no, that language sucks now, learn this language, oh wait, no, learn this new language that really just regresses back to the first language that had it partially right. it's like a never ending cycle of wasted time.

Keep in mind that each language has a specific use-case in mind when it was designed. Use the language for the use case it was intended for, and you'll have a lot less head-spin from changing contexts. That said, I wouldn't want to try to write code for in more than 3 languages without leaving some buffer time to decompress and re-orient between tasking.

I'm interested, signed up, how exactly do we start looking for the flags?

Is ThinkPad T480S good for general coding stuff(Coding, Unity Game Development and Hacking)?

24GBs of RAM
512GB NVMI SSD
İ5 8650U

Note that I'm on a budget

might be a bit light, but should be decent

weird question: If I have a singly-linked list and I just deallocate Next* and set nullptr, am I good?

it's gone and I can reset the whole thing that way?

Generally yeah

just don't go too far lol

keep a counter or smth

If you're paranoid you may want to zero out the memory space before deallocating

I figured RtlFreeHeap would handle zeroing memory but i'm not really sure

i'm sure very few do know

Depends on the language. If this is C, only the node you deallocated is gone, the others are a memory leak

if next points to null?

and yes it's C

You'll have to start from the tail

Then work back

yup. don't just cut the head off.

Common mistake

C or C++?

a chimera of both lol

mainly C

In C++ you can do this in the destructor

In C, you'll need a function

I'm trying for PIC, so I want to avoid VCRUNTIME.dll

yeh that's the plan

trying to get function pointers to C++ library functions sounds painful

Depends. If someone is manually allocating pointers, it may not be enough to rely on the destructor.

Haven't looked into what C17 or 23 brings

If you're doing a malloc in C++ you're doing it wrong, but yes

lol

or using new..... RAII is the new paradigm, shouldn't be using new or delete to manage memory.

Technically you can manually call the destructor

smart pointers is another option

@brazen eagle https://en.cppreference.com/w/cpp/language/raii

Tbh the last version of C++ I used was 98

Bits of 11 maybe

again though, I'm not sure how to dynamically load C++ API

oof. With C++11, things got a lot better, C++20 is way more fun to write

i'll likely use cpp for the teamserver... but Go seems like a simpler option. I'm not sure rn.

So autoptrs

Sort of

make_shared lol

and the others

I sort of see what it does though, cool stuff

scoped lifecycle. destructor and memory is managed based lifecycle; it's really handy, and it's much more reliable than garbage collection

Yeah I assume it does reference counting?

Only if you use a shared_ptr

i try my best to keep allocations tightly scoped

Usually a good plan

just create wrappers specific to those allocations

It's not doing reference counting, variable lifetime is explicitly the scope that allocates it

DestroyThis, DestroyThat

and just remember to use them when they're ready

So automatic compiler magic, gotcha

yep. If you are coding with raw pointers in modern C++, you are very likely doing it wrong.

Oh for sure

Still not touching C/C++ if I can help it

lol

Rust is also...a bit strange to deal with

Still too used to the exception paradigm rather than results

apparently it's not too hard to load cpp dynamically.. that might be an option.

but i'm already so far in, i'm sure I want to

Kotlin is nice 🙂

i would definitely not use C for user applications.

Nope

it's a pain lol.

but this is C2 specific

anyone knows py reverse engineering? i need help w sum but idk py very well

Just give the code .....

i made it nvm

Im trying to modify a Metasploit (or similar) payload to become FUD. Is there any specific practice or learning modules you guys would recommend to learn how to code those for PC?

Hello,someone's on the line

Hello, I got an error when trying to test the SparkApp on Local

Exception in thread "main" java.lang.IllegalAccessError: class org.apache.spark.storage.StorageUtils$ (in unnamed module @0x6c1a5b54) cannot access class sun.nio.ch.DirectBuffer (in module java.base) because module java.base does not export sun.nio.ch to unnamed module @0x6c1a5b54

is anyone could help me!!!

What version of Java are you using, and is it compatible with the version of spark you're using?

Java 17

if I change the JDK into 11

its worls!

but I'm confusing about this

Some older classes got removed in 17

okay

btw should I transfer into GraalVM for better Spark Performance

Nah, Graal won't help much with perf unless you're stopping and starting the JVM very often

Better off using a supported jvm

No cheating, what would you expect this to print?

(Python)

1
1

Now have a look

Actually probably an array

Don't remember how python represents those

Like

[1]
[1]
```?

Yeah

Now look at what it actually prints

On mobile, don't have a PC to actually test

Anyways this is assuming python actually follows scoping rules properly, which isn't a given

Right python doesn't scope variables properly

I had a sneaking suspicion it would do that

Hi someone know how to use Chat GPT api for free??

Make an account on their website to use it for free

i did a long time ago a reverse engegneering for use the chat as a API, but know doen't work anymore, I tryied to fix it but i can not do it...

Sounds like you’re breaking ToS bestie

So weird...

GPT API based-on token so you can't use it free!

yes of course you can if you do the reverse engegneer of th chat, the problem is that in the last two months it become complicated

Omg first time to hear it!

I mean, there's a reason why it's against their tos

specifically OpenAI, no. There are some startups with their own versions who offer free API access, but that only exists for about a week before they realise how much of a bad idea it is....

i used the free version like 1 week ago...

but know is not working because they change something

is not a bad idea why sepnd money if you can have the same for free...

but anyway I will work on it and i will do it again

#include <stdio.h>
#include <stdlib.h>
//#include <stio.h>
#include <time.h>


void initializeArray(int A[], int N) {

    A[0] = 0;
    A[1] = 1;

    for (int i = 2; i < N; i++) {
        A[i] = A[i - 1] + i;
    }
}


int linearSearch(int A[], int N, int key) {
    for (int i = 0; i < N; i++) {
        if (A[i] == key) {
            return i;
        }
    }
    return -1; // Key not found
}


int binarySearch(int A[], int N, int key) {
    int left = 0;
    int right = N - 1;

    while (left <= right) {
        int mid = left + (right - left) / 2;

        if (A[mid] == key) {
            return mid;
        }

        if (A[mid] < key) {
            left = mid + 1;
        } else {
            right = mid - 1;
        }
    }
    return -1; // Key not found
}

int main() {
    int N;
    short int k;

    printf("Enter the value of N: ");
    scanf("%d", &N);

    if (N <= 0) {
        printf("N must be a positive integer.\n");
        return 1;
    }

    int* A = (int*)malloc(N * sizeof(int));

    if (A == NULL) {
        printf("Memory allocation failed.\n");
        return 1;
    }

    initializeArray(A, N);


    srand(time(NULL));
    k = rand() % (A[N - 1] - 1); 

    printf("Generated random number k: %d\n", k);


    int linearResult = linearSearch(A, N, k);
    if (linearResult != -1) {
        printf("Linear Search: Found k at index %d\n", linearResult);
    } else {
        printf("Linear Search: k not found in the array\n");
    }


    int binaryResult = binarySearch(A, N, k);
    if (binaryResult != -1) {
        printf("Binary Search: Found k at index %d\n", binaryResult);
    } else {
        printf("Binary Search: k not found in the array\n");
    }

    free(A);

    return 0;
}

any idea why k is generating numbers out of range

Because its against their terms of services? Its very costly to run LLMs and they need to generate a source of income.

My guess cuz it's python:

[1]
[1, 1]

Tbf, it is scoped properly... for Python.
The object is initialised during the function declaration -- i.e. global scope (in that instance).

There are a whole bunch of tricks you can do with that. Parameterised decorators being a big one

def decoratorEx(fid: int, tracker: list[int] = []):
  tracker.append(fid)
  def innerFunc(f):
    def wrapper(*args, **kwargs):
      print(tracker)
      return f(*args, **kwargs)
    return wrapper
  return innerFunc

@decoratorEx(5)
def f():
  print("Called!")

f()
# Output:
# [5]
# Called!

@decoratorEx(6)
def f2():
  print("Called F2")

secondTracker: list[int] = []
@decoratorEx(7, secondTracker)
def f3():
  print('Called F3')

f2()
# Output:
# [5,6]
# Called F2

f()
# Output:
# [5,6]
# Called!

f3()
# Output:
# [7]
# Called F3

Logically it should be function scope

That example still looks like function scope

I can see arguments for both ways there tbh.
On one hand, yeah, it's a function parameter. On the other, it is being initialised in the higher scope. It's consistent 🤷‍♂️

Poor example, one sec

There we go. That'll do.
Apologies -- me being an idiot. They're not a necessary concept there, but useful in things like that ^^

It's still being JavaScripty

Hey! @vestal carbon

sorry for ping

What do you need help with?

Hello dear people of here, would you mind me asking your advices to help me find a roadmap of understanding ADS's using OOP approach?

It should still be on the function stack

That behaviour is counter-intuitive

Coming at it from other practices/languages, sure, but it's effectively equivalent to declaring a variable and passing it by reference:

myList = []
def func(arr = myList)

def func(arr = [])

Just in the second instance it's anonymous.
Not sure how cPython handles that at memory management level

Either way you are declaring a new array with no elements and passing it as the default argument to a function parameter. The initialisation happens when the function is declared

yeah I see how it works

in this program are we implicitly creating a pointer? ```C
#include <stdio.h>

// A Product structure
typedef struct product {
float retail_price;
int number_in_stock;
char product_name[1000];
} Product;

void pretty_print_product(Product *p);

int main() {
Product cabbage = {1.99, 144, "Cabbage"};
pretty_print_product(&cabbage);

return 0;

}

// p is a pointer to a structure of type Product
void pretty_print_product(Product *p) {
printf("Product name: %s\n", p->product_name);
printf("Retail price: %.2f\n", p->retail_price);
printf("Current stock: %d units\n", p->number_in_stock);
}```

and does that mean that we can just create pointers without names?

No

No pointer is created

A pointer exists, but no data is allocated to the freestore

The pointer exists, and is initialized to the address of the passed-in struct.

You can allocate data without a name, but how would you free that memory? If you do not have a process to de-allocate memory, your code is going to blow up with memory leaks.

I followed along up until this part, where does the pointer exist exactly?

Once the execution enters the function, the pointer gets pushed to the stack.

ohhh ok, i get it now, thanks

Gave +1 Rep to @magic falcon

A pointer is just an address. https://en.cppreference.com/w/c/language/pointer

can you explain that part pls

HI there, I need to build a custom stager which can eventually help me to bypass the AV/EDR. Any writeup or lead in this direction will be appreciated. Thanks

???????

need is a strong word. What is your intention?

Never settle

yeah I'm gonna have to veto this line until you get access to the advanced channels.

Hola, Does anyone know the effective approaches way to define schema from datasource (*datasource dynamic change). Im using the cutting header method and define *Spark

Thanks

could someone potentially provide some insight as to why I'd be getting this error?

I've verified that scapy has been installed properly and even copied it to dist as well, rather than just site-packages

Everytime I try a command other than pip install scapy, it has reqs satisfied.
Could it be VSC related? thx for any help

pip install scapy

Haha, that is how I originally installed it...

Your IDE might not be able to access the module

You can try import scapy and then from scapy import x

still nada, so weird lol

Check that your Python install is global

Make sure you’re installing the module for 3 not 2

Install it in the IDE’s terminal, not CMD/ other

Try pip3 install package

Cuz sometimes it messes up the installation when u have both versions

It happened to me when I was trying to install pygame or opencv

Heard, I appreciate you guys

you were right about this, just installed the py3 vers but same error -_-

I would recommend using a virtual environment manager to create a separate virtual environment of your choice of python version which could be 2.7 or 3.8 or whatever and then install and use scapy python package for your project inside your virtual environment. This will keep you system clean and the problem would be easily debuggable, you can delete this virtual environment later, and there will be no trace left of the project dependencies

@next rock 👆

hugeee +rep

Np

I have faced this issue before lol

its horrendous, been at this for a couple hours. the scripts skeleton has been done lmaoo

Yah it's really annoying

yeah use virtual environments for python. Python is terrible at dependencies

Anybody got anything better than this I can use for assembly in my Kali? 😂

Nvm, just got it on my Kali.

NASM

Oh

Also ndisasm

@glass basalt i report back with good news: virtual environment worked 😄

How do I practice programming for the sake of programming? Do I just pick a problem and try to solve it through code?

Awesome @next rock

Check the pins, there's a list of entertaining sites

But generally yes

Lookin to learn php.. are there any good resources or books for php ?

W3schools.

Ty

Gave +1 Rep to @lyric mirage

https://x.com/iammemeloper/status/1652005506792435712?s=20

Pick a project and write it, when you're finished rewrite it with more structured code, when youre finished, rewrite it again, thats how you get good

That and doing that for years and working in multiple types of projects which has different requirements

Really? Continuously rewriting the same thing over and over again? If they just want to practice programming, wouldn't doing the challenges on sites like leetcode be better....?

Plus seems kinda dry and your not really learning anything new each time, just rewriting for the sake of rewriting

@magic falcon Would love to hear your input on this, if you have a moment

It's valuable. The idea being, that every time you look at it and re-solve it from scratch, your thought process will be different, and you'll start to see all the little places that are more complex or even unnecessary. I don't necessarily advocate going over the same problem immediately, but reviewing and revisiting your code every so often is good.

Exposing yourself to all kinds of different problems is good as well, for different reasons.

Euler Project is a great source of problems.

Cool, thanks! Appreciate it

So here's a "fun" exercise for you, Jay

Write a program to do something that requires interactivity from CLI

Then rewrite it so you can abstract the interface from the business logic.

Then rewrite it again to add the option for a GUI.

then rewrite it to run as a service and provide a web API.

Then rewrite again to add TLS and other security features.

And now you rewrite everything twice over again, the next time using TDD, and the final time using BDD

TDD & BDD = ?

Sounds like a fun challenge

Exactly, this. When revisiting it and reviewing your solution you often find different more efficient ways of solving the problem, I personally think it’s fun doing this and then you can start writing sections more generic for decoupling and so on…

Yep! It's also why I gave the order I did in the rewriting recommendations

Sadly in real life you’re rarely given the time to do this though, thats why I decided to drift away from programming, never get the time needed to produce quality 🥲

Sprints sprints sprints, never marathons 🙂

At least not in my 10 years of experience

That sounds about right, to be honest. Agile practices are actually the death of quality, in my opinion

They require existing code to be retouched every sprint, but in practice we're so focused with building the functionality, to hell with quality if it works

That's a big chunk of my point that I left unstated 🙂

Any legends willing to glance at this packet sniffer script and let me know if theres any thoughts on how to improve/make more efficient? 😄

https://github.com/jjaydm/packetsniffer/blob/main/SNIFFERNEW.PY

had to abandon scapy all together, sad

Sed

another "weird" python behaviour

text = 'Hello, Bob!'
if text.find('Alice'):
  print('Alice found!')
else:
  print('Alice not found!')

||text.find() recurs an index, and -1 if its not found - but because its a bool check, any integer except 0 is treated as true||

that's not weird python behavior, that's how boolean is treated in most languages i know

Not about how the Boolean is being treated but more about how the find command works

Find indicates that you want to know where a string is, returning index makes perfect sense!

yeah but it should return 0 instead of -1 to represent false!

and it makes more sense, 0 instances of it found

If the string starts at index 0, what would you return for not found?

Yeah, you're right

Boo:
    mov [esi], 0x73696854
    mov esi,4
    mov [esi], 0x20736920
     mov esi,8
     mov [esi], 0x65707573
    mov esi, 12
    mov [esi], 0x6e612072
    mov esi, 16
    mov [esi], 0x69796f6e
    mov esi, 20
    mov [esi], 0x2120676e
ret
call Boo

Sigh

I'm sorry, we do not help with schoolwork

Yeah, I know

It already counted, but I want to do it as a pet project

I have removed your original message, >>>Retr0

Okay. Recently I've thought about adding a lsa secrets dumping. Should I pack it all in one app or make two separate, but in one project? I want to make something like mimikatz just for gaining an experience in windows security

Given your previous request, we cannot help you. Please review rule 5

I already read it. This schoolwork is done, I've got my grade for it.

The task was writing an app that dumps sam hashes

But now it is like pet-project

Cool 🙂 unfortunately I’m unable to verify and henceforth the discussion cannot take place here

Sorry 🙂

Oh

Okay

Could we discuss it in private correspondence? I don't insist. If you don't want, I'll understand. I am just searching for ideas and how can I promote my repo

Alright, I will do something completely by myself and hope that in close future I will share my progress and we will discuss it again. Sorry for the misunderstanding. See you soon

https://github.com/MachiavelliII/Dnser

Hi here ! Just banged my head against the wall with some exploit:
$ python3 -c 'print*("A" * 32 + "B" * 8 + "\x86\x06\x40\x00\x00\x00\x00\x00")'
That doesn't work as expected...But:
$ python2* -c 'print "A" * 32 + "B" * 8 + "\x86\x06\x40\x00\x00\x00\x00\x00"'
worked just fine...
After searching a little online, I understood that this behavior may come from python2 using ASCII while python3 is using UNICODE and \x86 not being ASCII (ordinal not in range(128)). But I wasn't able to code something that works with python3. I tried a few different things without success. I am sure someone here could help me...

What is the best platform to learn python and make projects?

Check the pinned messages here

You need to use the bytes() function

also using the raw buffer helps

I did not know this, are you talking about raw_input() ?

naw, sec I'll have to check

sys.stdout.buffer.write

print doesn't flush properly

have to use b"" as well

also make sure your endianness is good, and that you have the proper register size for the RIP

or EIP

Ah, okay I did not know that existed. My initial implementation was using bytes() in my script

could work as well

Thank you @brazen eagle @hollow sorrel so finally:
sys.stdout.buffer.write(b"A" * 32 + b"B" * 8 + b"\x86\x06\x40\x00\x00\x00\x00\x00")
works as intended. Not as light as python 2 (rely on sys lib).

Gave +1 Rep to @brazen eagle

Thank you @hollow sorrel for your answer too

It's not too bad

+rep @hollow sorrel

Gave +1 Rep to @hollow sorrel

Hello guys, Nevermind me, just lurking around.

carry on then

I have functions for when "up" is pressed, "down", and "select" as well as "back".

I have successfully displayed the 'HOME_screen', I just dont know how to track things like, user went down 3 times then up once, selected one thing then went back

Is this for school by chance?

no

What language are you using

python, and pygame library

thats all I know how to use 😎

You want to use event listeners so that when an event happens such as your function you can choose how you want to react to it

ok, I will learn how to do this, I think this whole project is quite far above my skill level

thank you greatly for this pointer

oki so
-I have a pygame Python program
-I run it with a monitor connected with HDMI
it displays my program
-I run it with a monitor connected via composite video pins
no graphical output at all, I see the print statements in my program, I know its running, just no graphics

after asking chatgpt I am hearing a lot of "fb" (frame buffer) stuff and I dont know what that is or how to solve my issue

goal: get pygame to output to my composite video display 😎

Have you checked the pygame documentation?

that doesn't seem like a python issue

rather makes me think its a chatgpt problem 🥳 sarcasm off.

Just use chatgpt for research not for helping you learn new things

agreed, I use chatGPT a lot at work when i have to do any code or scripting. Its nice but if you do not already have the skills you will not get too far with chat. You have to be able to know what it spits out and how to debug and modify what it gives.

I tried to use chatgpt while working, it ended up taking longer explaining why it was wrong than figuring it out myself, now I usually throw some code at it asking why it's behaving weirdly and sometimes getting an answer, but mostly it's just become a bit of a rubber ducky to me, which can be nice!

Werkzeug RCE ALMOST/KIND OFF

Sum wrong w the payload

# Check if a file path is provided
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 <path_to_pcapng_file>"
    exit 1
fi

# Assign the first argument as the pcapng file path
PCAPNG_FILE="$1"

# Check if the file exists
if [ ! -f "$PCAPNG_FILE" ]; then
    echo "File not found: $PCAPNG_FILE"
    exit 1
fi

# Define a function to extract strings
extract_strings() {
    echo "Extracting strings from $PCAPNG_FILE..."
    strings "$PCAPNG_FILE"
}

# Define a function to extract credentials (basic example using HTTP Basic Auth)
extract_credentials() {
    echo "Searching for credentials in $PCAPNG_FILE..."
    tshark -r "$PCAPNG_FILE" -Y "http.authorization" -T fields -e http.authorization
}

# Define a function to summarize the pcapng file
summarize_pcapng() {
    echo "Summarizing the activities in $PCAPNG_FILE..."
    tshark -r "$PCAPNG_FILE" -q -z io,phs
}

# Call the functions
extract_strings
extract_credentials
summarize_pcapng```

Script to extract data from pcap files

#!/bin/bash

# Check if a file path is provided
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 <path_to_pcapng_file>"
    exit 1
fi

# Assign the first argument as the pcapng file path
PCAPNG_FILE="$1"

# Check if the file exists
if [ ! -f "$PCAPNG_FILE" ]; then
    echo "File not found: $PCAPNG_FILE"
    exit 1
fi

# Define a function to extract strings with at least 9 characters
extract_strings() {
    echo "Extracting strings from $PCAPNG_FILE with at least 9 characters..."
    strings "$PCAPNG_FILE" | awk 'length($0) > 8'
}

# Define a function to extract credentials for clear text protocols
extract_credentials() {
    echo "Searching for credentials in $PCAPNG_FILE for clear text protocols..."
    # HTTP Basic Auth
    tshark -r "$PCAPNG_FILE" -Y "http.authorization" -T fields -e http.authorization
    # FTP
    tshark -r "$PCAPNG_FILE" -Y "ftp.request.command == USER || ftp.request.command == PASS" -T fields -e ftp.request.arg
    # Telnet
    tshark -r "$PCAPNG_FILE" -Y "telnet.option_text" -T fields -e telnet.option_text
    # POP3
    tshark -r "$PCAPNG_FILE" -Y "pop.request.command == USER || pop.request.command == PASS" -T fields -e pop.request.arg
    # HTTP POST Form Data
    tshark -r "$PCAPNG_FILE" -Y "http.request.method == POST" -T fields -e http.file_data
}

# Define a function to summarize each TCP/UDP stream
summarize_streams() {
    echo "Summarizing TCP/UDP streams in $PCAPNG_FILE..."
    tshark -r "$PCAPNG_FILE" -q -z conv,tcp
    tshark -r "$PCAPNG_FILE" -q -z conv,udp
}

# Define a function to summarize the pcapng file
summarize_pcapng() {
    echo "Summarizing the activities in $PCAPNG_FILE..."
    tshark -r "$PCAPNG_FILE" -q -z io,phs
}

# Call the functions
extract_strings
extract_credentials
summarize_streams
summarize_pcapng```

would be even better if you used the built in syntax highlighting: ```bash ```

Thanks I didn't know!

Gave +1 Rep to @brazen eagle

Discord supports a bunch of languages that way

Yeah it's great

highlight.js is what it uses iirc

Makes sense

Even if prism is better

Ahoy everyone. Can anyone help me with removing white space? Using lstrip()

For context, im creating code through greanly and i cannot seem to remove white space

What are you using, Python?

txt = ",,,,,ssaaww.....banana" x = txt.lstrip(",.asw") print(x)

Will result in: banana

Would look better in python blocks.

favorite_language = ' python '
favorite_language
favorite_language.rstrip()
favorite_language
favorite_language.lstrip()
favorite_language.strip()
print(favorite_language)

when i execute, there is still whitespace when i run it

i tried sending a screenshot but it doesnt let me

In Python, when you use string methods like rstrip(), lstrip(), and strip(), these methods return a new string.

favorite_language = favorite_language.rstrip()

favorite_language = ' python '
print(favorite_language)  # Prints ' python '

favorite_language = favorite_language.rstrip()
print(favorite_language)  # Prints ' python'

favorite_language = favorite_language.lstrip()
print(favorite_language)  # Prints 'python'

favorite_language = favorite_language.strip()
print(favorite_language)  # Prints 'python'

lemme run this rq

AHA, IT WORKS !

thank you man, wowza, i cannot tell you how frustrating this was to get

legends !

Anyone got any resources through which I can learn how to remediate bugs/vulns that are found while vuln assessments/pentests or basically all vulns in general or a secure coding related guide/blog/source?- Not a programmer, but I want to provide more information on my bug bounty and pentest reports.

The OWASP secure coding guidelines and OWASP remediation strategies for specific vulns work good

As a pentester, you’d want to give actionable steps but not too much in detail as you don’t know much about how their systems work.

Recommend remediation, if not possible, should be implementing mitigation controls.

How to change from unsalted to salted hashes without ruining the old user accounts?

You'll have to rehash everything, so best bet would be to migrate as they log in

IMO

interesting

is that the usual practice?

i’ve always thought how huge companies migrate things but never really looked into it

Probably not, but if you don't want to drop existing data I don't see any other way...on logon, verify against the current hash, if it's the old format, you probably have the password at that moment allowing you to generate a salt and rehash

There's no standard

Anyways, probably how I'd do it

interesting ty

i'm gonna ask our head of software tomorrow to see what they'd do too

Probably something else 😄

Keep me posted though

You should ask this in #cyber-and-careers 🙂

on login was the answer i got too :D

So I'm not completely insane... Or we both are

we are all insane

“Insanity is merely an opinion.” - a sign in a local restaurant lol

Are you supposed to run nc -lvnp as sudo? Is there a need to elevate?

I always run as sudo but wondering if that's necessary

Not necessary

Well, i think for any privileged ports, it may be

but i never had issues using nc without sudo against privileged ports

it might be due to user permissions also

shouldn't have to if listening on ports over 1024

It all depends on your environments security constraints. Sometimes yes , and other times no.

Sorry I had meant to ask that question in #general. But thanks

@desert eagle ```import java.io.;
import java.util.;

public class Solution {
public static void main(String[] args) {
Scanner c = new Scanner(System.in);
int t = c.nextInt();
for(int i = 0; i < t; i++) {
long L = c.nextLong();
long R = c.nextLong();
System.out.println(distinct(L, R));
}
}

static long distinct(long L, long R) {
    // If the range is even, the result is always 0
    if ((R - L) % 2 == 0) {
        return 0;
    } else {
        // If the range is odd, the result is R XOR L
        return R ^ L;
    }
}

}

Try running that

no luck

One sec

It works for me

projects@Apple SecuredCloud % java Solution
3
1 10
11
2 5
7
3 3
0

Try compiling it and running it on a computer and not whatever online tool that is. Give it input

Its Hackerrank question

code contest question to be precise

oh I see. Yea might not be able to help then

The terminated due to timeout is due to the program expecting input

No I have been getting that output when the contest was still up and running

Sorry I'm not understanding how it's supposed to get the input

Pretty sure these types of things can't deal with stdin

The input is given by the system

Ig so

but...the script I posted has the exact same output when I manually enter the numbers in the question

Mine does the same too but when I submit it shows me that

either it has a different approach and the time complexity is O(n) which I can't acheive

or idk there is something wrong with the question

Sorry I have no idea

Same boat bro

Maybe try IRC freenode server's java server

There should be plenty of java experts

Do got the link by any chance? or I have to find it

Yea I got you one sec

Much appreciated!

https://webchat.freenode.net/

For channel. Try #java and ##java

Oof java

https://tenor.com/view/good-luck-gif-24090093

I recommend using pastebin.com to store the code and question or they will get mad

And..don't ask for help. just ask the question

And be patient. It might take a long time for someone to respond. Also be upfront about where the problem is from.

There is also #programming (/join #programming)

(on freenode)

Haha yeah!!

greetings

_________          _______ 
\__   __/|\     /|(       )
   ) (   | )   ( || () () |
   | |   | (___) || || || |
   | |   |  ___  || |(_)| |
   | |   | (   ) || |   | |
   | |   | )   ( || )   ( |
   )_(   |/     \||/     \|
                           

###### ##  ## ##     ## 
  ##   ##  ## ###   ### 
  ##   ##  ## ###   ### 
  ##   ###### #### #### 
  ##   ##  ## ## # # ## 
  ##   ##  ## ## ### ## 
  ##   ##  ## ##  #  ## 
  ##   ##  ## ##  #  ## 
                        

from art import *

Oh it's pretty much just text? Reading the manual

yea, just text

damn. I can just use figlet or toilet. Thanks though

🚽 is new to me (in context)

lol

https://www.ascii-art-generator.org/ is pretty cool but it's extremely detailed

@novel onyx Actually if you adjust the width and upload simple clip art it works great

yea, i used that before, it does the job

does anyone have any advice for me?
trying to code a pygame gui that takes input from a hardwired controller (data is transfered through udp). I'm not a great programmer by any exageration, but it is painfully slow to respond to my input.
is pygame the issue? there is a resource intensive While loop, and considering I'm running it on a raspberry pi zero, It isnt the fastest thing ever. How can I speed this up? any suggestions?

Do I even stick with pygame, or should I try something else?'

I won't know much without seeing your code.

How optimised is it? What is your network speed looking like? Have you tried an alternative library?

to be completely honest. I dont know what network speed means 🤠
if it helps. the udp is from a C program, to a python program. all on the same raspberry pi.

I haven't tried tkinter (the other common graphical display library), solely because I am not familiar with it. Perhaps now is the perfect time to try learning it.

I can show my code? if so how? I dont want to break any rules / upload something im not supposed to

hello guys. I'd like to learn python scripting. any lead on how to go about it. is there a framework & if which one

Hey, there is a room in TryHackMe specifically for Python scripting.

If you are into books, Automate the Boring Stuff with Python is a good book that teaches fundamentals and also delve into scripting tasks. I think the free version is available on their website, there is also a monthly giveaway of the author in r/Python subreddit.

If you want to delve into Python scripting that deals with hacking, Black Hat Python is a good book.