len(obj) is not object oriented - it's a structured function to get something considered metadata

obj.method() is an object method to perform state mutation or retrieval on the object

Okay so len(obj) is more like inspecting and grabbing something about the object without actually doing / changing anything, while the latter is actually changing or rather like you said mutating the original object? And spitting out or returning a different object for us to further do things with?

hi @nova sorrel I occasionally do it 🙂

Length is a global inbuilt function provided by python to return the length of the argument given to it which it then returns

It's not a method/attribute of an object

okay so anything in the form of method(obj) is in fact not a method?

object.method(arguments) # <- object method
function(arguments) # <- function

that's just the way pythons syntax is

ooooohhhhhh ok ok ok

So im taking two completely different things and comparing them?

Yeah, be carefull to not get mixed up between the syntax of a lanbuage and the actual paradigm

Like juun said here 🙂

The tutorial (this one and a few others I saw) kept calling them methods, so to me its all the same thing and for some unknown secret reason, they were being formatted differently

class Dog(object):
    def __init__(self):
        self.age = 15 # This is an attribute!
    
    def length(self): # This is a method
        return '10cm'

len('abc') # 3 (built-in function)

obj = Dog()
obj.len() # 10cm (instance method)

obj.age # Attribute!

With OOP, the objects have methods and attributes - a method is a procedure that is defined within the class that is then avaliable to any object instantiated from it

Okay so technically that's a function and not procedure because it's returning 10cm, so it really should be an attribute instead - but this is just to clarify the difference between the method & function

@surreal bronze thank you so much for the help! I do not fully grasp what you sent but it's a nice place to start researching now that I have some solid terminology

Gave +1 Rep to @surreal bronze

In practice, functions and methods are representing the same idea. Don't get hung up on this terminology, it's language dependent.

Advent of Code? What's that?

I tried searching in the THM platform, I don't think I see anything like that.

Its on the thm platform, its separate platform

Ah, I see lol. Thanks @lyric mirage

Gave +1 Rep to @lyric mirage

hello! i am trying to write an ipsweep script on kali linux, and im only getting ping invalid argument, can anybody help me?
#!/bin/bash
if [ "$#" -ne 1 ]; then
echo "Usage: $0 [network_prefix]"
echo "Example: $0 192.168.1"
exit 1
fi

network_prefix="$1"

for host in {1..254}; do
ip="${network_prefix}.${host}"

# Utilisation de la commande ping avec une seule requête et un temps d'attente court
ping -c 1 -W 1 "$ip" >/dev/null 2>&1

if [ $? -eq 0 ]; then
    echo "Host $ip is UP"
else
    echo "Host $ip is DOWN"
fi

done

here is my script btw

Hm, on Kali, you have Nmap; how about using nmap -sn 192.168.0.1/24 instead? I'd say, the script seems okay. Do you quote the command argument when running it?

ok i'll try thanks

Can someone tell me if writing an autopwn script that roots a thm room and pulls the flags is impressive on a scale of 1-10. Easy room, but not like eternal blue easy.

impressive is subjective

🤓

I think your main concern should be impact over trying to impress people tbh

Like if that script helps get back to a point where you were stuck and had to redo everything for some reason, that's pretty impactful

What is the impact of twitch?

I automated some of the exploit flow for a walkthrough I was doing on an HTB box

Impact of twitch?

If you're not going to answer my question the way I asked it why are you bothering at all? I am asking in order to know if it is worthwhile or neat in any way for anyone besides myself

Well you asked if it was impressive, I said you should worry about impact over impressing people.

If you just make an autopwn script that does a room for them, sure it might be worthwhile to someone looking to just get points wherever possible and learn nothing, or maybe to someone who's looking for ways to write autopwn scripts themselves (but you might wanna invest some effort into documentation if you wanna serve that niche)

And thus the question, what is the impact of twitch? what do people get out of that

streamers get some fun challenge and sometimes money for streaming... mostly it is about having a good time with chat while doing something fun

Depends on the streamer and viewer. Some get pleasure or entertainment out of it, some get knowledge, some get community.

if that is what you mean with twitch in this instance

right, entertainment, the impact isn't meaningful except to the user, subjective. Only impressive to the viewer. So, again, scale of 0-10 how interesting is an autopwn for a thm room.

would say for the easy challenge rooms about a 2-3

thank you.

but that is only shadows rating

it will differ a lot from person to person

you might find it super impressive while someone like shadow might not

Yes, and I know to take that into account. To people who program, and already understand THM it's going to be a much lower score, but for the people new to this, but nonetheless interested... much higher.

I'd hope that people new to THM would put in time & effort to clear the rooms themselves though as its literally a learning platform

So if I explain why I am writing the code to do what it is doing it's more impactful?

why or how? The 'how' (development process) could be interesting. Idk about the impact factor though

well for code those kind of go hand in hand.

probably a 7-8 only if I've done the room myself and I am looking for an alternate way I could've done it (looking at how the code does it)

You can pwn a lot of rooms with metasploit but that isn't as interesting as looking at how metasploit does it

imo that is the interesting part, but I wouldn't want users, especially new ones, to use this as it defeats the purpose of the platform if that is all they would use

Let's say I made a John Hammond style video but focusing on scripting the room and don't provide the code, but if you followed along you would have it.

sure, you could learn something from that

Alright, if I make another one I will do that. Thank you.

idk about that, Ive written some useless code for fun but the how can still be interesting 😉

in any case Dalton, before you start on this, do keep THM ToS in mind. If you'd use this to cheat the leaderboards or have other users do that for example, it would be considered breaking ToS

I have no intention of using it to cheat. I wrote the last one based on a walkthrough and didn't complete the room until after the code worked. I am learning how to hack while doing it, but it's also given me a lot of knowledge on programming and automation. The script I make/made would only work for the very specific room intended for it as it's literally a step by step of what you would have done if you followed a walkthrough. I can't imagine the script breaks ToS anymore than a walkthrough would.

That sounds OK to me, just giving you a heads up

I also only pick month+ old rooms

I'm not THM staff though*

yeah.... shadow is not staff either

Hello! Could someone rate my code? Add, change or delete anything? https://github.com/Vondri/NMAP_Beautifier

for me 0

¯_(ツ)_/¯

I finally understand what you mean by "part of the string class". I finally got this thank you so much. It made no sense at the time but someone referenced the python documentation and explained it phenomenally and I thought of this text. Thank you

Gave +1 Rep to @nova sorrel

hello

new here

anyone here who does Kotlin in IDEA? I turned off wildcard imports for both Kotlin and Java, but when I import e.g. java.util.TreeMap, it still adds import java.util.*

Eclipse guy here... and there, it works 🤷‍♂️ Never could make it into IDEA 😅

looking at settings, I don't see an option to disable wildcard imports. Is this from a plugin?

what's interesting is that it only happens when I import like this (without autofill), but not if I start typing a type and then autofill with enter/tab, guess that's enough of a solution 🙂

and not a plugin, built-in Kotlin Imports tab in the settings

oh

check the settings here

I have "Use single name import" on both, and everything past "Other" unchecked, except for "Import aliases separately"

set to * with something like 99

look at the setting in Java as well

I set that to 99 for both Kotlin and Java, and nothing changed

try optimize imports

I enabled it for both Kotlin and Java, no change

maybe it's a bug when importing Java classes from Kotlin?

weirdly enough, unlike in Java, placing the caret on the import java.util.* line in Kotlin source files doesn't show that lightbulb with an option to use single class imports

hmm

does it work for you?

seems to

try ctrl-alt-o

that should redo the imports

import copy
from functools import reduce 

# Day 1

sum = 0

mappings = {
    "one": "1",
    "two": "2",
    "three": "3",
    "four": "4",
    "five": "5",
    "six": "6",
    "seven": "7",
    "eight" : "8",
    "nine": "9",
}
with open('day1.txt') as puzzle_file:
    for line in puzzle_file:
        line = line.strip()

        reduce_one = reduce(lambda a, kv: a.replace(*kv), mappings.items(), line)
        reduce_two = reduce(lambda a, kv: a.replace(*kv), reversed(list(mappings.items())), line)

        numbers = []
        final, final_reversed = zip(reduce_one, reduce_two), zip(reversed(reduce_one), reversed(reduce_two))

        for r1, r2 in final:
            if r1.isdigit():
                sum += int(r1)*10
                break
            if r2.isdigit():
                sum += int(r2)*10
                break

        for r1, r2 in final_reversed:
            if r2.isdigit():
                sum += int(r2)
                break
            if r1.isdigit():
                sum += int(r1)
                break

print(sum)

cc @surreal current @junior vector

Just for fun! 🤪

Haha nice!

Can anyone suggest me good screen recording software for my PC with no watermark and unlimited time?

I'm using APEX recorder and it does the job for me

obs

@whole yacht thanks

Gave +1 Rep to @whole yacht

ye welcome

Day two, task two, that was easy:

this is not advent of code is it?

looks like it

fun fact, my attempt on day 5, part 2, took around 17 minutes to compute 😅 I guess I wrote a really naive algorithm

python vs go, which is better?

I need to choose a language for my project

Network Scanner

https://tenor.com/view/huh-rabbit-cute-gif-15676652

What is the "Google" programming language?

It is:

You ask Google and paste whatever comes first? 🤣

I had a stressfull few days and I kinda gave up even to understand the problem at day5 part1 😂 too bad because I was having a lot of fun 😅

niice, my code looks totally different for day2 i guess 😄

There are many ways to skin that cat. I tried to do as much as I could with records and streams to have fun 😄

I gave up after the first week though, it was basically all the same so... lost interest

oh, I hope you're better now, I admit it's really fun solving 🙂
I wasn't trying much to do both parts each day, I have I think only 6 days solved so far, I was focusing on THM's AoC more 😉

My best guess is that its trying to get namebot but cant. If ans == mess, it sets the username as namebot but namebot is defined in a different if statement that may or may not be true.

If any of this is incorrect please let me know as Im still fairly new to programming

Heres a small snippet I made to go along with what I was trying to say

ohh thank you

Gave +1 Rep to @scenic hare

ur right

i changed to code and now its working ty

Thats good to hear, if you need anything else let me know

Hello, how to approach learning C? Any book recommendations for example?

Or online courses

What did I read at the start

python, my bad

a network scanner should be fast and performant right

Yup

then your answer between the two is pretty clear

That's why I was gonna go for "go"

That is correct. If ans == 'mess', the code does not enter the first if, so namebot is not assigned any value. Then it enters the second if and it is printed without having been assigned first, hence the error.

huh? 🤔 😅

supp

hello guys,,,anyone having an idea on how to redirect to a random page after login (python, Django)

to a random page? Why so? I would hate that as a user 😄

Have you googled this?

Advent of Code day 8, part 2 seems tough computationally, or I'm just likely missing something...

it's the one with the network of nodes, e.g. AAA = (CCC, DDD) etc, and you have these instructions L or R saying which one of the two to choose, and you repeat that until all nodes ending with "A" become nodes ending with "Z"

thing is, it's been running for 50 minutes now, and all I got is 4 Z's (out of 6) so far that took around ... 2.6B steps (8 minutes) 😄

anyone here knows how to point me in the right direction without revealing any solution? I'm guessing it has something to do with graph algorithms, is that what's required here? I don't know much about them yet so I thought I'd ask first before diving in rabbit holes

that would mark this as my first AoC 2023 task where a naive algorithm isn't enough

the naive algorithm being selecting all start nodes, and iterating through the instructions until all end with "Z"

I tried that and left it running for a couple of hours. No joy. There must be something they are not explicitely telling us, like the overlapping in the one with the numbers being substituted, and without that it probably never stops. 🤷‍♂️

What language? Can we see the code?

With the input, will the paths always be in alphabetical order? Like, the choices be greater than the node

AAA (BBB, DDD)
EEE(GGG, ZZZ)

Seems like a fun challenge, will try it later when I'm available to

I'd say they don't have to be, the task doesn't mention it, so I assume it will often jump up and down between the nodes

Would meet in the middle work to? So you have one process start from the AAA and the second start from ZZZ, then keep a track of the nodes and the distance from the starting node (could do a hashmap, e.g. node:3) then when you have an interlapping one you add the distances together

I say this because it reminds me of solving a rubix Cube algorithmically and that was what was used as well

And it's kinda similar in the sense that you start with a node (of faces) and can do a turn (R,L) etc

here it is in Kotlin

  override fun part2() {
    currentPart = 2
    val lines: List<String> = readFile(path)

    val network: MutableMap<String, Pair<String, String>> = parseNetwork(lines)
    val startKeys: MutableList<String> =
      network.filter { entry -> entry.key.endsWith("A") }.keys.toMutableList()
    
    var stepCount: Long = 0
    val steps: String = lines[0].trim()

    // for each start key, replace it with the next node's key chosen by the next instruction
    do {
      val stepIdx: Int = (stepCount % steps.length).toInt()
      for ((i, key) in startKeys.withIndex()) {
        startKeys[i] = when (steps[stepIdx]) {
          'L' -> network[key]!!.first
          'R' -> network[key]!!.second
          else -> throw RuntimeException("unknown step character '${steps[stepIdx]}'")
        }
      }
      stepCount++
    } while (!startKeys.all { k -> k.endsWith("Z") })

    result = stepCount.toString()
    printResult()
  }

  private fun parseNetwork(lines: List<String>): MutableMap<String, Pair<String, String>> {
    val network: MutableMap<String, Pair<String, String>> = mutableMapOf()
    for (line in lines.slice(2 ..< lines.size)) {
      val lineParts: List<String> = line.split(" ", ",", "(", ")", "=").filter(String::isNotEmpty)
      val key = lineParts[0]
      val pair = Pair(lineParts[1], lineParts[2])
      network[key] = pair
    }
    return network
  }

Yeah so that's just starting from AAA and then going over each possible R,L option for every node onwards right? I can see why that'd take a long time

https://www.youtube.com/watch?v=wL3uWO-KLUE

Here's the video I mentioned about also starting from the end, might be relevant here?

not through every possible, but rather going through the instructions, which should take much less than full brute-force, right?
this still feels like brute-force, but I'm not brute-forcing R and L of every node, I'm only following the instructions in a closed loop

I'm not familiar with it so I'll take a look, thanks

Have you also checked that the algorithm isn't getting stuck in a closed loop? Like AAA->GGG->BBB->GGG->BBB

since it's blindly following the instructions/steps, I thought it would find the final set of nodes eventually, and I'm slightly counting on AoC not having almost any edge cases 😄

really cool stuff, thanks for that
so I should be able to meet in the middle by storing each set of nodes coming from the start and comparing that when coming from the end?
I'd probably need an estimate of how many total steps the naive algorithm would need to take to approximate the middle

Gave +1 Rep to @surreal bronze

hi guys, it's a simple port scanner in bash (holo room).
Final result should be:
scan from 1 to 65535,
writes open ports to array,
at the end he writes the open doors.

At the moment it is incomplete because I didn't understand this line well

timeout 1 bash -c "echo \"Port Scan Test\" > /dev/tcp/$ip/$port && echo $port is open || /dev/null"

#!/bin/bash  
ip=192.168.100.100
openport=( )
for port in {1..85}; #65535};
do  
timeout 1 bash -c "echo \"Port Scan Test\" > /dev/tcp/$ip/$port && echo $port is open || /dev/null"
#sleep 0.5
done
for p in "${openport[*]}"
do
echo "openport $p"
done

Maybe this can solve

timeout 1 bash -c "echo \"Port Scan Test\" > /dev/tcp/$ip/$port && (echo $port is open; openport+=($port)) || /dev/null"

Solved, not beautiful... but works

#!/bin/bash  
ip=10.50.74.194
openport=()
for port in {1..65535}; do  
        if timeout 1 bash -c "echo \"Port Scan Test\" > /dev/tcp/$ip/$port"
                then
                echo "$port is open";
                openport+=($port); 
                else
                2>/dev/null
        fi      
done
for p in "${openport[*]}"; do
        echo "openport $p"      
done

according to Reddit, it doesn't need any of these algorithms, because the input data is made in a way so it only needs ||LCM 🤦‍♂️||
mildly infuriating disappointing ...

In that final script, it would display the open ports first with "$port is open" (while scanning them) and then in the second for-loop it would just give the same list but with "openport $p". The second loop could be removed since it doesn't really do anything extra?

So they explicitely misguide you saying that "if you were a ghost, you would follow all the paths at the same time"... oh well I thought it was a coding challenge, but it was not just that 😅

Thank you, I "rewrote" the second script because I couldn't fix the first one the way I wanted. the second loop summarizes all open ports without having to search line by line.

Gave +1 Rep to @solar palm

I finally got it 🎉
unfortunately, yes ... if I got it right, it would've taken more than 500 hours at the rate of roughly 10 M steps per 2 seconds by following the instructions 🙄 (the answer is in trillions)

squares = (val * val for val in range(100))
print(max(squares))  # 9801

max alters the variable squares

I just learnt about Python generators.. can you please let me know how come max is altering the variable..
I did some experiment and yeah the variable is altered since next(squares) gives StopIteration
I lack generators knowledge and that combined with max() is making me confused

Python allows functions to alter variables they do not own

Okay, let's go through the python docs

Firstly: defining a generator - https://docs.python.org/3/glossary.html#term-generator

It's a type of function that returns an iterator object - Here's the simplified wiki page on it as well as the documentation https://wiki.python.org/moin/Iterator

So, when we access an iterator object - we do so by iterating over it, under the hood all its doing is repletely calling its __next__ function. Here's an example from the wiki of an iterator object that returns random 1's

   1 import random
   2 
   3 class RandomIterable:
   4     def __iter__(self):
   5         return self
   6     def __next__(self):
   7         if random.choice(["go", "go", "stop"]) == "stop":
   8             raise StopIteration  # signals "the end"
   9         return 1

Like it says in the documentation, the __next__ function will then raise a StopIteration error to indicate that no more data is available to be iterated over

Okay, now back to your example - using the max() function. Well what does this do? To the python docs!

So, in our case we are providing one positional argument - the squares iterator. This max function will return the largest item in the iterable. So in order to achieve this, the only way to find out what the largest item is, is to iterate over every single item in the squares iterable! (So squares.__next__ will continously be called until no more data is available)

That means, that now because there is no more data avalible, the next time __next__ is called it will raise that error

You should be familiar with OOP as well, to be able to fully understand this (imo).

@magic falcon If I've made any mistakes here or have anything useful to add, would love to hear your input!

@edgy radish To also give you a quick example of an object and how it's attributes can change from a function (like max):

class Human:
  def __init__(self, age):
    self.age = age
  
def increase_age(human):
    human.age += 1

jayy = Human(age=17)
print(jayy.age) # 17

increase_age(jayy)
print(jayy.age) # 18

going through it

It's being passed by object reference, not by value

They have a huge misunderstanding of what the max() function does when given an object that has an iterator. Your explanation looks fine on a quick read through. Re-read their code and you'll see the question has a couple of super-faulty assumptions about modification of passed variables vs return value.

Thanks! Yep, on second read I should have focused more on passing by reference vs value

Gave +1 Rep to @magic falcon

not really; it's very rare that a high level language passes by value these days. Most of the time when you look under the hood, it's doing something like pass by value by reference or pass by reference by reference - it adds a bit of abstraction, tradeoff is that it means the lvalue is not as easily modified, or the passed reference can be modified without modifying the original, depending on the original object type.

The abstraction used for the passed value, in this case, is less important than the assumption that max() is modifying the original instead of returning the result of a computation.

Also I'm interested in how the conclusion max alters the variable squares was established

faulty assumption from new programmer is my guess

It might help to increase their debugging skills if they tell us more about how they arrived there

vs how others might check this

Possibly. IMO they didn't read the docs, and don't understand mutation vs return value

possibly from running max() and then max() again, they expected the same output - but instead, because its a generator it raises the error ?

can't determine that from what we're given; you're making assumptions about what they did or didn't do, which is not usually a helpful debugging strategy

Yeah we can guess but better to just poke deeper

Or rather, take a few steps back

yup, hence my wording of possibly

But I don't like saying 'lets take a few steps back' since thats very enterprise-bingo-buzzword-y hehe

well..thats why I started from the documentation of an iterative in my explanation

Oh yeah I'm not saying somebody was wrong here, just reading along

You are missing my point about speculation for this type of thing - there are actually more things that could have been done than there is time to do them. Speculation like this can throw people down wild rabbitholes that aren't applicable, so it's really better to not speculate and work strictly off what's provided, or ask for more information instead of trying to work some kind of abstract forensics challenge from it

I get where you're coming from on being helpful, but unless you've seen this exact thing in other places very recently.... Speculation usually causes more harm than help to actually solving a problem

It's like trying to troublehshoot an SELinux context violation without seeing the /var/log/audit.log

I wrote this a long time ago after about 10+ years of helping people with tech questions on IRC to explain how good questions are asked https://www-hackenkunjeleren-nl.translate.goog/slimme-vragen-stellen-hoe-hou-je-je-medehackers-te-vriend.html?_x_tr_sl=nl&_x_tr_tl=en&_x_tr_hl=nl&_x_tr_pto=wapp

Maybe I should properly translate it sometime and make a reference somewhere.

@edgy radish we're not attacking you here btw 😉 Always good to ask questions.

hehe I dont mind.. Looking forward to learn.. THM has the best community I believe :)

Got it. How would you have answered this question?

pass by value by reference 

Also, I've never heard of this - and when googling all that comes up is just pass by value or pass by reference, would you mind giving a quick explanation about how this works? 🤔

"look at the docs for max, you mis-understand how this function works win python"

Explanation may be a bit dated, it's very common in languages like java and C#. Not very common in C or C++, but the idea is that you are passing a copy of a const reference

Cool, thanks! I'm not sure if its my side, but all the code snippets are 1 long massive line

Gave +1 Rep to @solar palm

It's probably best to run the most simple code you can think of that does pass by reference and pass by value, and see in a debugger step by step what it's actually doing memory-wise.

Huh interesting, I'll have to try and find some more info on this

Yeah the code snippets are actually imitating IRC logs

not sure if the markup I chose back then supports multiline, but it's not essential to the story

Oh, I'm familiar with the simple pass by value or reference, but not a double one? Unless you are talking about double one and I'm mistaken

I think what @magic falcon means is that it's actually doing things a bit differently under the hood

at the time of interpreting the code

Yup yup, but what I'm not understanding is pass by reference by reference - just never heard that term before

Typically pass by reference is actually doing pass by reference by reference (or even more complicated things). You'll have to actually see the code that at runtime to often determine how much abstraction is being used; pass by reference by reference is (roughly) equivalent to using a handle in C++.

it's like using a pointer to a pointer in C

How much time does it take for tpm 9.0 to transfer payment after dispersing? Help anyone?

Hey

Need help

Urgent

wut

What does this mean?

Never heard of TPM 9.0

Only TPM I know is the Trusted Platform Module.

Bois

Need100000

Usd

Usdt

Urgent

for what

I'll return them tomorrow

Got a payment stuck

Need to pay loan right now 😔

Nope

Don't ask for this here.

I want to know what code editor you use to edit and complete python in kali.

i just use vim

others use neovim, atom, sublime, vscode, codiun

Can vim automatically suggests and completes variables?

I think neovim can with some plugins

I have a vim plugin that works just like vscodes intellisense

is that similar to pylance?

I need the output to look like this:

[(["X", "2"], "X", "2", ["1", "X", "2"]), (["1", "X", "2"], "2", "1", ["1", "X"]), etc...]

every tuple means a combination, and every item inside the combination (tuple) means a probable outcome

[
    (["X", "2"], "X", "2", ["1", "X", "2"]), 
    (["1", "X", "2"], "2", "1", ["1", "X"]), 
]

the probable outcomes could be double, triple or single. And for double & triple outcomes they should be in list

exactly,

here we got 2 combinations

Sorry I'm still confused

You want combinations of 1, 2, X, ?

1 min please

here we got 2 combinations which means 2 tuples as you can see, in both of them there are 4 matches which means 4 items.

1. In the first combination we got a :

   double outcome ["x", "2"] for match 1,

   single outcomes "X" for match 2

   and "2" for match 3

   and finally we got a triple outcome which is ["1", "X", "2] for match 4

2. In the second combination we got a:

   triple outcome ["1", "X", "2"] for match 1,

   single outcomes "2" for match 2

   and "1" for match 3

   and finally we got a double outcome which is ["1", "X"]

If you still confused, it's totally fine, we can do a quick voice call if you want of course

Please let me know when you read the explanation

Does pprint get you close enough?

from pprint import pprint

list = [(["X", "2"], "X", "2", ["1", "X", "2"]), (["1", "X", "2"], "2", "1", ["1", "X"]), ]

pprint(list)

here is my problem:
https://stackoverflow.com/questions/77815307/generating-combinations-with-single-double-and-triple-outcomes-in-python

Okay, so the problem you are having is that your code isn't properly creating the inner lists?

Yeah, I need output like this:
[
(["X", "2"], "X", "2", ["1", "X", "2"]),
(["1", "X", "2"], "2", "1", ["1", "X"]),............
]

Yeah, I've never dug into itertools, so I'm at a loss for even where to begin.

Actually, I think the problem isn't in itertools

I'm having my lunch atm, will let you know when I've come up with something

I think we need some good algorithm to fix this

Alright, thank you @surreal bronze

Gave +1 Rep to @surreal bronze (current: #13 - 457)

So it will be 4 matches and then finding every possible outcome from it?

I'm looking to have a function that takes an input of "Number of matches", and the output would be a randomly selected "possible outcome(s)" for each match

yeah

it could be double, triple or single

randomly

okay okay, and the possible outcome for each match are either a single, double or triple outcome?

got you

and its made from any of these 1, 2, X

okay thats a LOT of combinations lol

yes, 1 stands for home football team winning, x stands for draw or tie and 2 stands for visitor team wining

it's about the Quiniela Betting Game

import itertools
from pprint import pprint

matches = 2
scores = (1, 2, 'X')

possible_outcomes = [item[0] for item in itertools.permutations(scores, 1)] + list(itertools.permutations(scores, 2)) + list(itertools.permutations(scores, 3))

pprint(list(itertools.combinations(possible_outcomes, matches)))

Done

use .permutations() to get the possible match outcomes and then .combinations() to get them for each match

does that work for you?

It's great actually, thank you for that @surreal bronze .

And what about this way:

1. For each match, randomly decide if there are 1, 2, or 3 possible outcomes (We'll call this O)

2. For that match, randomly select O number of outcomes

3. Repeat N number of times

so, if I were to write this in pseudocode, I'd say:

N represents "number of matches"
outcomes is an empty list

Loop N number of times O = random number between 1 and 3 Select O random items from [1,X,2] append to outcomes list Return "outcomes" as a tuple

Gave +1 Rep to @surreal bronze (current: #13 - 458)

What do you think about this idea, @surreal bronze ?

fine, just use random.randint(1, 3) with possible_outcomes

I need to upgrade some of my homelab stuff now, so you'll have to try that your self - good luck

Ah, lol, you've already got it solved. Here's some ugly code without itertools...

import random
from pprint import pprint

def get_single():
    return random.choice('12X')

def get_double():
    return [ get_single(), get_single() ]

def get_triple():
    return [ get_single(), get_single(), get_single() ]

def get_element():
    return random.choice([get_single, get_double, get_triple])()

def get_tuple():
    return get_element(), get_element(), get_element(), get_element()

def get_matches(number):
    matches = []
    for i in range(number):
        matches.append(get_tuple())
    return matches

pprint(get_matches(5));

If you still need help, I'm sure somebody else will be available to or I'll be back later

if random number says 1, then "1", "X" or "2",

if random number says 2, then ["1", "X"], ["X", "2"] or ["1", "2"]

if random number says 3, then ["1", "X", "2"]

Looks good, you can simplify this

def get_single():
    return random.choice('12X')

def get_double():
    return [ get_single(), get_single() ]

def get_triple():
    return [ get_single(), get_single(), get_single() ]

To this

def get_combinations(n):
    return [random.choice('12X') for n in range(n)]

Or even look into random.sample()

Okay, cya 👋

wow, good approach, I tried it and I got this:
[('X', ['2', 'X', '1'], '2', ['X', '1', '2']),
(['1', '1'], ['X', '2'], 'X', ['X', '1']),
(['1', '2', '1'], ['1', 'X'], ['1', '2'], ['X', '1']),
('X', 'X', ['2', 'X', 'X'], 'X'),
(['X', 'X', '1'], ['1', 'X', '2'], ['2', '1'], 'X')]

but there should not be duplicated outcomes for a single match

as you can see, inside the marked lists, there are duplicates which shouldn't be

for double only this acceptable: ["1", "X"], ["X", "2"] or ["1", "2"]

for triple only this acceptable: ["1", "X", "2"]

@violet hill

@glass wigeon What is this for exactly?

Quiniela Betting game

Elaborate?

You can check the above messages I've chated with Jeff and Jayy

I did, can you explain what you're trying to do please^

Well, I'm trying to get combinations of possible outcome(s) for each match

For what 🙂

for betting, you know the Quiniela betting game?

So, you're asking people to calculate betting odds?
I'd prefer if you could be more specific 🙂

Do you know 1, X and 2 what are they stand for?

1 outcome means home team winning, X outcome means tie between the two football teams that played aginst each other and 2 means the visitor football team wining

Mhhhmm.. so what are you trying to do with it?

What is your end goal

Why are you trying to do this? What is your driving force

the end goal is @true pumice , when you get these combinations, then you can try betting using these combinations

I'll later make a function that calculates these combinations and returns the best combinations to try. But don't overthink about this, because this isn't the problem now

It's my dinner time, I'll be back soon

This sounds like homework, tbh

Either that or I'm missing a ton of context

I think the desired behaviour is a bit more complex, in that you want the combinations and not the permutations

Their use case required both

Here

anyways, sounds like homework 🙂

This is much better:

`import itertools
from pprint import pprint

matches = 2
scores = ("1", "X", "2")

possible_outcomes = (
[item[0] for item in itertools.combinations(scores, 1)]
+ list(itertools.combinations(scores, 2))
+ list(itertools.combinations(scores, 3))
)

pprint(list(itertools.combinations(possible_outcomes, matches)))`

now I got this output and I got a little problem on it:
[('1', 'X'),
('1', '2'),
('1', ('1', 'X')),
('1', ('1', '2')),
('1', ('X', '2')),
('1', ('1', 'X', '2')),
('X', '2'),
('X', ('1', 'X')),
('X', ('1', '2')),
('X', ('X', '2')),
('X', ('1', 'X', '2')),
('2', ('1', 'X')),
('2', ('1', '2')),
('2', ('X', '2')),
('2', ('1', 'X', '2')),
(('1', 'X'), ('1', '2')),
(('1', 'X'), ('X', '2')),
(('1', 'X'), ('1', 'X', '2')),
(('1', '2'), ('X', '2')),
(('1', '2'), ('1', 'X', '2')),
(('X', '2'), ('1', 'X', '2'))]

can you please see, if you focus on it, you can see the problem on it. I don't know how to explain the problem in chat
it should also generate the opposite combinations for the previously generated combinations
@surreal bronze

But what are you going to use it for

to get the top best combinations

for betting

I updated the description and added the new issue to stackoverflow:
https://stackoverflow.com/questions/77815307/generating-combinations-with-single-double-and-triple-outcomes-in-python

@surreal bronze

Any one here who knows python?

I got an error in my program but I can't find a solution for it

just ask

I've solved this problem, but I've got another one, we're soo close, @surreal bronze :

https://stackoverflow.com/questions/77815307/generating-combinations-with-single-double-and-triple-outcomes-in-python

You got this

nah it isnt that

im sharing online github repository\

https://github.com/raze69/error

error.txt file

i have marked code in brackets

Thank you very much @surreal bronze for helping me to solve the problem, and if you could also help me with this last problem, I'll be very very appreciated

Gave +1 Rep to @surreal bronze (current: #13 - 460)

error in line 25

There are no URLs in that message.

can someone help me with this code, its not giving expected output.

import socket
from termcolor import colored

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

host = input("[*]Enter the host to scan: ")

def portscanner(port):
  if sock.connect_ex((host, port)):
    print(colored("[!!]port %d is closed", % (port), 'red'))
  else:
    print(colored("[+]port %d is open", % (port), 'green'))

for port in range(1, 1000):
  portscanner(port)

host: 8.8.8.8

earlier it was showing all closed, changed it a bit now it shows 1 is open and rest are closed

its a simple port scanner

Why are you trying to scan Google’s DNS…

Try it with your local machine, 127.0.0.1

yess, ik a lot of others have pointed it out
thanks

Gave +1 Rep to @hollow sorrel (current: #25 - 328)

You may want to be able to specify the ports to scan

Also use command line parameters over prompts

You may want to give easily parsable output as well, probably don't want to list closed ports, as they aren't particularly interesting

thanks buddy
🙂

Gave +1 Rep to @brazen eagle (current: #12 - 533)

When I use the following command:

echo “whatever“ | nc -lnp PORT
```is there any way I can terminate the connection immediately after sending „whatever“?
Am having a hard time finding stuff online.

-q 0 ?

Works. Thanks.
I just need to press enter twice on the client side for it to exit netcat for some reason, so I assumed it was not working earlier.

Gave +1 Rep to @surreal bronze (current: #13 - 461)

anyways I'm trying to make a vulnerability scanner in python using customtkinter but using subprocess or even os libraries my terminal that's supposed to open closes immediatly here's the code : ```py

root = customtkinter.CTk()
root.title("V-finder")

#Definition of frame

#quit tool function
def quit_tool():
root.quit()

customtkinter.set_appearance_mode("Dark")
customtkinter.set_default_color_theme("green")
root.geometry("1200x800")

def distro():
result = subprocess.run(["bash", "distro.sh"], capture_output=True, text=True)
command = f'sudo nmap {text} -oN results.txt'
terminal_command = f'lxterminal -e bash -c"{command};&& echo 'Press Enter to close...' && read -n 1 -s -r"'
subprocess.Popen(terminal_command, shell=True)

def option():
scan_type = my_combo.get()
if scan_type in ["Normal", "Advanced", "Aggressive", "Hardcore", "Stealth"]:
distro()

else:
    print("Combo box error")

def ask_for_ip():
#That's the small window dialog that pops up and ask for ip
global text
dialog = customtkinter.CTkInputDialog(text="Type the ip to scan ", title="IP Entry")
text = dialog.get_input()

#This function defines what happens whzn the start scan button is clicked,

normally it launches the scan with the details given by the user

but for the moment I can't get python to open a new terminal

and then run the scan from there or I would like to display the result in the ui itself but for the moment it's too complicated because I would also need to filter the output.

def start_scan():
global text
global command
global terminal_command
init_scan.configure(root, text="Initiating Scan...")
init_scan.update()
#progress = customtkinter.CTkProgressBar(root, orientation="horizontal", mode="inderterminate",progress_color="#00ff00")
#progress.pack(pady=12, padx=10)
option()
#progress.start()
stop()
init_scan.configure(root, text="Start Scan")

can anybody help ?

Is this for school?

github

https://github.com/solitary8/v-finder

@lyric mirage

that doesn't answer the question

no it's not for school

it's for a github repository

the question was is this homework?

no

it's a project I'm working on in my free time

ok

I'm not familiar with the toolkit in question, but there should be some logs

what do you mean by logs ?

like in the console to see if there is some errors ?

if it's that there's no errors

do you really need a GUI for this?

yeah

I mean before it was in bash in the command line

but I really want to make it look better

I've been working on and off on it for 2 years

I would love to remaster games and do 3d and make big GUIs but I have a raspberry pi so it's not possible

forcing lxterminal is not exactly portable 😉

I tried using an terminal in the frame but it didn't really work and seemed complicated

I'm sorry if it's too complicated

I'm just trying to make something

well it mostly introduces a dependency that not everyone has

even with python virtual environment ?

oh that's a python thing?

yeah

it's possible to create a virtual environment and then install the dependency

looks like it's a gtk thing

Idk if it would work

and I wouldn't really like to waste all the code I wrote

but if it's the only option then I'll try it

no I mean your dependency isn't a python lib

really ?

customtkinter isn't a python dependency ?

but it's based on tkinter

anyways do you have any idea on how I could solve this ?

I already tried subprocess.call

and using []

and using os.system

and subprocess.run

and subprocess.Popen

and .wait()

I wasn't talking about customtkinter

oh ok

using shell=True?

root = customtkinter.CTk()
root.title("V-finder")

#Definition of frame

#quit tool function
def quit_tool():
    root.quit()

customtkinter.set_appearance_mode("Dark")
customtkinter.set_default_color_theme("green")
root.geometry("1200x800")




def distro():
    result = subprocess.run(["bash", "distro.sh"], capture_output=True, text=True)
    command = f'sudo nmap {text} -oN results.txt'
    terminal_command = f'lxterminal -e bash -c"{command};&& echo \'Press Enter to close...\' && read -n 1 -s -r"'
    subprocess.Popen(terminal_command, shell=True)

def option():
    scan_type = my_combo.get()
    if scan_type in ["Normal", "Advanced", "Aggressive", "Hardcore", "Stealth"]:
        distro()

    else:
        print("Combo box error")





def ask_for_ip():
    #That's the small window dialog that pops up and ask for ip
    global text
    dialog = customtkinter.CTkInputDialog(text="Type the ip to scan ", title="IP Entry")
    text = dialog.get_input()


#This function defines what happens whzn the start scan button is clicked,
# normally it launches the scan with the details given by the user 
# but for the moment I can't get python to open a new terminal 
# and then run the scan from there or I would like to display the result in the ui itself but for the moment it's too complicated because I would also need to filter the output.



def start_scan():
    global text
    global command
    global terminal_command
    init_scan.configure(root, text="Initiating Scan...")
    init_scan.update()
    #progress = customtkinter.CTkProgressBar(root, orientation="horizontal", mode="inderterminate",progress_color="#00ff00")
    #progress.pack(pady=12, padx=10)
    option()
    #progress.start()
    stop()
    init_scan.configure(root, text="Start Scan")

already done

what are you trying to do here

like intented vs what's actully happening

a terminal is supposed to open and run a nmap command

but the terminal opens and then immediatly closes

so it's supposed to stay open but doesn't

seems like its erroring then

instead of running the command, replace it with print and see what its trying to run

Are you double clicking the file, or opening in CLI?

I'm running it from the terminal

then run that from your terminal

okay

They are running the app from the terminal, which then is supposed to open up another terminal

terminal_command = f'lxterminal -e bash -c"{command};&& echo \'Press Enter to close...\' && read -n 1 -s -r"'
    subprocess.Popen(terminal_command, shell=True)

Ah, I see

I suspect its because its trying to run an invalid command, which is why it immediately closes (because it errors and can't do anything else)

I get this output for the command : ```text
lxterminal -e bash -c"sudo nmap 127.0.0.1 -oN results.txt;&& echo 'Press Enter to close...' && read -n 1 -s -r"

@surreal bronze

okay, what happens if you try to run it

strange

if I try to run it in a seperate terminal

it opens and then immediatly closes

so the problem is with the command then

that's what I suspected 🙂

Wanna know why?

┌──(kali㉿kali)-[~]
└─$ sudo nmap 127.0.0.1 -oN results.txt;&& echo 'Press Enter to close...' && read -n 1 -s -r
zsh: parse error near `;&'

oh

but if I run this ```bash
lxterminal -e bash -c"sudo nmap 127.0.0.1 -oN results.txt; && echo 'Press Enter to close...' && read -n 1 -s -r"

the terminal still opens and then closes

Well yes, the ; is causing an error

remove it

still doesn't change a thing

sudo nmap 127.0.0.1 -oN results.txt && echo 'Press Enter to close...' && read -n 1 -s -r

This?

run it in your terminal and see what happens

yeah if i run it it works but adding lxterminal -e and bash -c it doesn't work

so the problem resides with lxterminal -e and bash -c

yeup, run lxterminal

you need to narrow down where the error is occuring

okay so if I run lxterminal a terminal window pops up

if I run ```bash
lxterminal -e bash -c "sudo nmap 127.0.0.1"

a terminal opens run the command and then closes

but in the tool if I select advanced mode

in the combo box

it uses -Pn so it takes more time to run

the terminal still runs and then closes immediatly

so I think the error or problem is that with bash -c it runs the command and then closes without waiting for the end of the command

okay I made it work using ```bash
lxterminal -e "sudo nmap 127.0.0.1; read -p 'Press Enter to close...'"'

thanks a lot for your help !

No problem!

When debugging, I always do 2 things. One: Narrow down exactly where the error is occurring, tracebacks are pretty helpful with this but in your case it was a bit harder because it was something external that was erroring. Nevertheless, if you break down what's happening within the application, you'll be able to find where it's going wrong. In your case, the terminal opening and then closing was called at the subprocess line. Two: Log/Print out everything, even if you think you know what a variables value is, you may be wrong! Printing stuff out also allows you to manually execute commands to help debug further, just like we did then.

thanks

Gave +1 Rep to @surreal bronze (current: #13 - 463)

well im making a VPN and i dont know if i am doing my coding right.

(it wont let me paste the pic?)

You need to verify for that. ^_^

k

But if you are trying to show a log or source code, it is better if you out the text here instead of an image.

yea

ima do that

import tkinter as tk
from tkinter import messagebox

def connect_to_vpn():
server_adress = entry_server.get()
username = entry_server.get()
password = entery_password.get()

if server_adress and username and password:
    # sim a connection to vpn server
    messagebox.showinfo("conected", "connected to vpn server")
else:
    messagebox.showerror("error", "please fill in all the fields")

create the main window

root = tk.Tk()
root.title(" vpn ")

server adress

label_server = tk.Label(root,text=" server adress")
label_server.pack()
entry_server = tk.Entry(root)
entry_server.pack()

username

label_username = tk.Label(root,text="username")
label_username.pack()
entry_username = tk.Entry(root)
entry_username.pack()

password

label_password = tk.Label(root,text="password")
label_password.pack()
entery_password = tk.Entry(root, show="*")
entery_password.pack()

connect the button

connect_button = tk.button(root, text="connect", command=connect_to_vpn)
connect_button.pack()

run the main loop

root.mainloop()

there is a # in front of the bold letters

Could any of you help me with a little race project

dm me again

What exactly are you asking for?

I'm asking if i did the coding right

or if i messed up on sum

does the program work as you intended for?

im trying to make a VPN

but it dose not connect me

what prject should i start on next?, making a game, making a random password generator or practicing more on the coding and see how they work?
1 2 3

Please use code fences, ```

forgive me but what r code fences

print("This is code fences, the key is beside the 1, im UK Qwerty")

ok got it thanks

Gave +1 Rep to @lyric mirage (current: #2 - 1864)

Hey

Hello

what game should i do now?, i got 3 already a quiz game a guess game and a moving game so idk what to do now, im bored lol

Why use apple script for that?

Outlook's rules can probably do that automatically tbh

Cheers

what about some kind of a multiplayer game?

Networked Multiplayer is not an easy solve 🙂

not saying it's easy, it's just an idea
Maybe an easier project would be better. I didn't realize at the time that threading was involved, even though I'm working on a similar project myself 😄
I'm not really in a position to give more specific advice about what to make next since I'm working on my first such project. All I can say is, if learning about network communication seems interesting to them, starting small (sending a message from client to server) and then building a game on top of it might be a good next step.

In the words of Extra Credits, "I'm also leaving out anything networked or multiplayer, as that generally multiplies the complexity." (In regards to talking about Minimum Viable Products)

We made a multiplayer game for last weekends game jam and it's definitely not for the faint of heart

synchronisation is probably the worst part

Just going through learning c lang on my own and am really perplexed by the qsort functions eg

int compareDesc(const void *a, const void *b) {
    return (*(int*)b - *(int*)a);
}

Wondering if anyone could give me a explanation on how it works

whats the problem? complex part? its just a simple function that is casting the pointers into int numbers and returning the subtracting of this two numbers, qsort usually uses a comparision function to determ if the item should be move left, right or leave in current place.

Although casting pointers like that is pretty disgusting

It's a comparison function. Greater than 0 usually means greater than, 0 means equal to, and less than 0 means less than. In this case it's for sorting in descending order

Thanks both of you. The part i am having the most trouble understanding is where it gets a and b from in a array and how they are changed around.

Despite the name qsort has no guarantee that it's using a standard quicksort algorithm. In all honesty, which sort algorithm is used doesn't matter; the qsort function simply takes in an array, size of the array, size of a location in the array, and a comparator function. The comparator is called internally so that you could sort data that would normally be considered non-numerical such as strings.

A and B are generics, could be any two arbitrary values in the array.

Hello Guys! I'm gonna need your help here pls

So I'm building this Python SSH Server, my goal is to capture the clients command without given the actual system shell (sort of HoneyPot) but rather re-executing the clients command inside a docker container and then send the output to the client (Which i intend to implement after been able to successful capture commands).

But i having this TTY Allocation request failure and the Shell request failure has been a pain for me.. Can someone help me if you have idea on how this gonna work.. Note: My intention was to use the real ssh client that everyone uses.

So can you describe your use case? Is this intended as a SSH server or client?

@indigo turret I would run SSH with tac v for verbose to see more information

I managed to get it working using the demo -> https://github.com/paramiko/paramiko/blob/main/demos/demo_server.py

and here's mine edited to just do password auth

Thanks juun

Gave +1 Rep to @magic falcon (current: #10 - 721)

how do i create a tuple and input values to it without using eval function or converting it to list?in python

A tuple is immutable

You can't change it once it's been created

i know

but they asked it in a test last week

they wouldnt ask it if there wasnt a way

lol wut, its impossible?

A tuple is immutable, you literally cannot change it - if thats the test question it is wrong

Hi Va20 and Jayy, been programming for about 10 years and I think it is a poorly worded question however, technically, you can concatenate tuples to create a new one.

That's creating a new tuple, not modifiying one

It is definitely poorly worded, or just plain wrong

oh yea my bad sorry

Could be a critical thinking question more than a programming question

The way @lilac holly worded it, creating a new tuple which could even be blank and then concatenating input values over and over again would satisfy the requirements.

This is the exact question
Write a program to accept N values in a tuple as integer.

I disagree,
> "how do i create a tuple and input values to it"

Is directly saying to input values to the tuple you just created, which is impossible. You can create a new tuple with the contents of another one, but that isn't inputting values to the one you orginally created

Does it give example input/output?

fair enough!

no

Firstly, is it for a test? Like homework?

it was on a test last week

You should ask your instructor

Because this sounds more like a misunderstanding of what was on the test vs what you posted, assuming that the instructor actually knows what they are talking about.

Write a program to accept N values in a tuple as integer. Print all the palindrome numbers
present in it.
Input=(12,4,232,500,454)
Output=(4,232,454) [Note: Do not use built in functions and eval()]

Your understanding of the question and restrictions of the question compared to the actual question itself are two very different things.

alright,but how should this be done

Ask your instructor

You already said it was a previous test question, clearly the instructor has an answer key and they can help you

One of the reasons we don't help with coursework is that we are unable to verify that you are allowed to ask for help - similiarly, for test questions it's the same. We can't verify that this isn't cheating

oh

sorry then

As Juun has stated, it would be best to ask the instructor. More importantly don't fish for the answer but for the proper approach and understanding of the question. When it comes to programming, it is best to understand the process. The process to answering a question is transferable to all programming and development where as an answer is only going to help with that specific problem or question. Good luck!

alright thanks

Gave +1 Rep to @grizzled stream (current: #1318 - 2)

Guys, I need some advice. I'm going to teach someone programming but I have no idea which language to teach. I was gonna go with C because I feel like it's the best language to teach the basic programming concepts but since C is a bit tough language I was thinking about teaching Java. If I pick Java it will be easier for me to teach OOP straight away as well. What do you think? Which language should I pick? If there's any other language (except python) please tell me.

How much programming experience do they have? C might be a bit of a steep learning curve if they have no programming experience - why not python?

There's a reason it's the most popular beginner language

Think about what you want to teach: do you want to teach basic programming, or do you want to teach environment setup and language specific idiosyncasies?

Basics

I want to teach the concepts. Not the language

IMO python is one of the 'simplest' languages you can start someone off with, even if it can teach some bad habits that won't be correctable until the student wants to explore how and why languages are constructed.

If you start someone with C there's a lot of stuff that isn't programming they have to learn to continue to program on their own; Java isn't quite as bad but System.out.print doesn't exactly roll off the fingertips for beginners to write a simple program

Yeah but control flow in bash is a pain in the behind

Hello, is anyone here familiar with socat / setting up listeners for challenges ?
I'm a beginner trying to create my own CTF and i quite struggle to properly deploy a challenge. To set a little bit of context, it's about a python game that launches when user connects in using netcat. As a matter of fact, i have 2 precise concerns :

1. When the game is terminated, the client netcat session doesnt end (the process is not being terminated)
2. I would like to set up a timeout such as session ends after 5 seconds no matter what.

As of this day this command does the job socat TCP4-LISTEN:5001,reuseaddr,fork EXEC:'timeout 5 /bin/python game.py' but it seems really sketchy to me and i'm afraid that a poor implementation will lead to bugs and vulnerabilities.

I am open to any information that might be useful to me, and I thank you in advance for anyone who takes the time to respond.

I would suggest handling the socket connections inside your script, then running the script as a service. That should be much more resilient.

Effectively make the entrypoint a blocking loop (e.g., while True) listening for socket connections on port 5001, then for each connection you receive, start a thread executing the game logic.
There are still issues with that approach (e.g., it should be pretty easy to DoS it), but it's neater and more than sufficient for a CTF

Thank you for answering ;p

Well in the first place I did handle it with a socket script and multiprocessing 😅
But people on the web (and CTFd docs) mentionned that it was definitely simpler to do it with socat

Anyway even with python I still got this client-process-non-terminating issue, although I tried many options (sending TCP END packets, handling signals…)

This is really frustrating as it is the very last step to make the challenge functional 🥲

server-side should be able to listen for a socket closing or maybe there's an exception that gets thrown

Need a little help in C . I'm trying to retreive and pass the adress of a string to another function. Do I only need to put a pointer? I'm confused pls help lol

`bool devinerMot(char *motADeviner)
{
int intervalleDebut, intervalleFin;

intervalleDebut = *motADeviner;
intervalleFin = strlen(motADeviner) + intervalleDebut;
...`

Think about what you're asking, and here's something to think about: Is there a primitive type that contains an address?

If you're going to post code, please use the markdown code blocks

int main(char **argv, int* argc)
{
  // do something
}

this is a part of the code. It's a function and I'm trying to pass the var motADeviner to another function (which i'll call later using intervalleDebut as arg)

okok

When you're passing a variable, you need to think about how you're passing it. Pass by value, or pass by pointer? What is the semantic construct you need, and should that argument be modifiable?

I'm trying to pass it with a pointer, for the mere reason that I need to use another function that'll modify this specific string (I need to pass the adress or else it is not the same var and I can not use global variables here)

So you're passing either a char * or string typed; you need to understand what C is doing when you pass in various types. Is this for a class, or are you learning from a specific resource?

For class

Ok, I would recommend asking your instructor first

Mostly because asking us for help may be considered cheating, and second because my answer to anything is going to be way more in-depth than your instructor is going for, and it'll likely take you down a garden path of not learning the thing your instructor is actually trying to teach

I also recommend writing of of 'experimental' code in your IDE of choice, and doing step-through debugging to see what actually happens in the compiler when you try these things out

my instructor teaches us about how it affects the memory and adressing

yeah, but the problem is I'M at 2k lines of codes so it is quite hard, since I'm not that experimented

Right, but I can't verify that. So I'll re-iterate: experiment and ask them first

ok sure

Try it in hello-world style projects.

Good Idea

thanks

Short, small projects that are basically test cases for the 1 specific thing you have a question on

yes

I'll try that right away

OMG @magic falcon

ILY

made a mini program that passed adresses and printed them (so i could see if it was rlly the adress)

@magic falcon my saviour

hi

heya

Anyone willing to help answer some questions about some SQL homework?

We do not help with schoolwork here sorry, #rules

how do developers ensure the version of your mobile app is updated?

im thinking they do something like:

user opens app -> app does a query with their version to a server API -> server API responds that theres a version mismatch -> app then does a pop up to update the app to continue using it

or is there some other way? im thinking one could just intercept this if they employ this kind of solution

I don't know much about this but I know some apps (like WhatsApp) just check the system time (mobile in this case) so you can bypass "update the app" pop up by just manually changing your time. I guess in this case, the dev predicts the time of the next update in the current release.

`// Function to reload the page
function reloadPage() {
location.reload();
}

// Function to ping the site
function pingSite() {
console.log("Pinging the site...");
}

// Function to stop the reloading and pinging process
function stopProcess() {
clearInterval(reloadIntervalId);
clearInterval(pingIntervalId);
console.log("Process stopped.");
}

// Prompt the user for the reload interval (in seconds)
let reloadInterval = prompt("Enter the reload interval (in seconds) or type 'stop' to stop the process:");

// Prompt the user for the ping interval (in seconds)
let pingInterval = prompt("Enter the ping interval (in seconds) or type 'stop' to stop the process:");

// Check if the user wants to stop the process
if (reloadInterval.toLowerCase() === "stop" || pingInterval.toLowerCase() === "stop") {
stopProcess();
} else {
// Set the reload interval using setInterval()
let reloadIntervalId = setInterval(reloadPage, parseInt(reloadInterval) * 1000);

// Set the ping interval using setInterval()
let pingIntervalId = setInterval(pingSite, parseInt(pingInterval) * 1000);
}
`

😉

Umm what’s this

Find out by pasting it in the browser console

Or.. you can tell me.. telling users to blindly paste command into console is not appropriate

Yeah nah, do I have to delete this?

Really niche question but awhile ago when I was debugging in GDB I somehow triggered something like this:

Where it would tell me the format that sscanf (or the function that was being called) was expecting

Anyone know how I can trigger this again

Ok, I got it to trigger again so my follow up question now is, why does it trigger for some functions and not for others

or just what triggers it really

Hey, can I have some very basic question?

I am using self-defined Jwt for my authentication system

by using RSA algorithm

Do I have to assign each Jwt a different key pair value?

No, I'd assume you would ideally want one key pair to sign all your tokens.

you use a single private key to sign each token

https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/press-release-technical-report/
Rust time

could be Java too

and/or python

still the rust foundation did some of the research and writing for this report so yeah they might be the main focus

Has anyone here come across the neal.fun infinite craft website?

yea it's great to create cursed things

@gusty umbra So if i understand correctly you're reading the files, sort them in by file type and then read them again for processing?

Correct

Since i had to group them by type, i couldn't yield the files as they're discovered, but separate them by type in a dictionary so i could process each type individually

I understand and now it's quick enough?

I'm kinda thrown off by "The problem is, the more files that directory contains, the larger the dictionary becomes, storing those objects in memory, slowing the program execution.". Do you again here read in all files and then process them all at once?

Up to the part where i identify the files by MIME it's ok, for 864 directories. 6768 file(s). ( 247 Mb Total ) it does that operation in less than 20 seconds.

The problem lies in the part where i have to group all those files in.

for example in my dictionary i would have:

pdf: [list with 1353 paths] etc...

Using the above pdf example, I loop through each value in the [list with 1353 paths]

So for each 1353, it extracts a specific text on that file (if found).

Reading the files comes later, this dictionary i'm talking about just stores the paths to the files

sorry had to go do something for a sec

Maybe writing to a (temporary?) .csv file would help you?

Then you arent only limited to a line in a text file but can make it follow a certain schema with stuff youve read out @gusty umbra

Pythons garbage collector should take care of freeing memory after you left that scope of the program you just't cant create massive global variables

I don't understand the problem with the memory and grouping the files in. Can't you just create the folders for the different MIMEs, then iterate through your files and depending on its MIME type move it to that directory? After that for loop/Whatever iteration the scope of that should left and the variables freed so you wouldnt use up any memory

I think it would be helpful if you could tell me what you want to achieve so I understand the grand picture

sounds like a database 😛

Thought we stopped doing filesystem DBs in the 1980s

thats just bloat!!

sometimes its overkill

That's why i said knowing the context would be useful

That would work

Since the main problem is grouping the paths by file type

Up to this point i'm not making any alteration to the files (copying, moving, etc...). I just need a way to store the paths in a grouped, organized way, that's where the CSV solution would fit.

Thank you very much for the help @tired hound !!!

Gave +1 Rep to @tired hound (current: #437 - 10)

no problem glad i could help

I need some input on the following issue I just ran into:

I used this code to redirect a child processes stdout to a file in /tmp:

#include <unistd.h> 
#include <sys/wait.h>
#include <fcntl.h> 
#include <stdio.h> 

int main() {
        int out_fd   = open("/tmp/csuwtc", O_CREAT | O_WRONLY);
        char* argv[] = {"/path/to/proc", NULL};
        char* envp[] = {NULL};

        pid_t child_pid = fork();
        if (child_pid == 0) {
                // Dublicate file descriptor 'out_fd' over stdout
                dup2(out_fd, STDOUT_FILENO);
                close(out_fd);

                execve(argv[0], argv, envp);
        } else {
                waitpid(child_pid, 0, 0);
        }

        return 0;
}

And the file has the following permission bits set:

---S--x--T 1 [REDACTED]   [REDACTED]   0 Mar 12 08:41 csuwtc

I assume this happens because I maybe forgot to close something somewhere, but I would not know what I need to close.
Additionally, it would be great if you guys had some resources or the man pages where I can read up on these permission bits.

Thanks for your input in advance! ^_^

According to the manpage of open (man open), permissions should default to 0666.

Update: the permissions can be fixed by setting them manually:

int out_fd = open("/tmp/csuwtc", O_CREAT | O_WRONLY, S_IRUSR, | S_IWUSR);

>>> Animal = type("Animal", (), {})
>>> print(Animal)
<class '__main__.Animal'>
>>> class Animal:
...     pass
...
>>> print(Animal)
<class '__main__.Animal'>
>>> isinstance(type, object)
True
>>>

Everything in python is an object....including class which is just an instance of type which is a sub-class of an object. Thought this was pretty interesting

even numbers?

everything

For further reading on using type: https://realpython.com/python-metaclasses/

Everything in python is a dictionary.

Quite useful for performing black magic with it.

So I discovered this today. Enjoy: https://github.com/rohitdhas/shittier

https://tenor.com/view/fire-gif-10341555270454130792

I mean it's not as bad as intern code, or research code.

hey

anyone can help me in developing logic

`def symmetry(n: int):
# Write your solution from here.
for i in range(n):
print()
for j in range(n-i):
print("* ",end="")

    for k in range(2*i):
        print(" ",end="")
pass`

This is my code and iTs ouT puT is This and i jusT wanT To remove The firsT empTy line

Look carefully at the code and run through it in your head.

You'll probably notice that a statement should be elsewhere

Though what you experienced is a surprising common issue in the real world™️

Hello

Anyone interested in taking 100 days leetcode challenge

Good luck

hey anyone on?

Many people are, yes.

By the way, if you post code, please put ``` before and after, so it is formatted better.

anyone know if azure app services come with a Azure SQL Database or if i have to create one seperately?

so javascript is only useful to learn if dealing with webapp?

currently i know python and learning c programming now after that should i get some knowledge about js or c++

no, nowadays javascript can be used for lots of stuff. even backend (using nodejs). But what you want to learn next highly depends on what you actually want to do

JSON is entirely different to JS though?

JSON is just how JS represents structs

Can someone guide me how are we getting IP address for the resolved domain using for loop?

How does iterating over DNS response getting us IPv4?

i'll need to read the details on the dns lib but looks like it stores it as an object, meaning it has more than only the IP it stores from the resolve() call

Related docs: https://dnspython.readthedocs.io/en/latest/resolver-class.html

So it replies with an "Answer" object, class which has some other options outside of only the IP (see: https://dnspython.readthedocs.io/en/latest/resolver-class.html#dns.resolver.Answer)
and eh my python is rusty but they have a custom __iter__() set in the source code linked there which goes over the rrset in that class where the ip itself is also stored.

extra note (cause am also learning about DNS on THM today so this lines up nicely ) - RRset is the set of all Resource Records of a given record type for a given name. For example, the name example.com may have an RRset of type A , denoting the set of IPv4 addresses associated with this name.
(https://dnspython.readthedocs.io/en/latest/rdata-set-classes.html#dns.rrset.RRset )

Yeah, I searched it though and found out resolved dns have informations including IPv4

But couldn't figure out how just iterating over it gives it

ohh, thank you so much!

Gave +1 Rep to @upbeat patio (current: #1346 - 2)

Yea i mean it's the __iter__() magic, if you read arounds it's source code and know enough Python for it i'm sure someone can give a much more detailed answer but thats basically it

it's still not clear but I got the idea

yeah, I am happy knowing this much. I'll have to learn DNS module in future someday though

You can also just use the built-in socket module if you want to get the IP

import socket 
socket.gethostbyname('www.google.com')```

Hi guys ... i am going through html, i need some help...
the task is this: "To make the input and textarea elements blend in with the background theme, set their background-color to #0a0a23. Then, give them a 1px, solid border with a color of #0a0a23."

and i wrote the following code: input,textarena { background-color: #0a0a23; border: #0a0a23 1px solid;
but it says its wrong... i coudnt figure out whats the issue... any help?

i think the issue in your code is a typo in the selector. You wrote textarena instead of textarea.

ohhhh, lol, welcome to coding blindness i should say😂 💔 ...thx it was a nightmare

No worries 😂

🌟

.

Sigh, python. Just spent the last hour banging my head against the wall because of this: (I think we've talked about this before lol, and I didn't expect it to be a problem in actual use but here we are!)

# What happened
>>> def func(x={}):
...     if x == {}:
...             x['test'] = 0
...     else:
...             x['test'] += 1
...     print(x)
>>> func()
{'test': 0}
>>> func()
{'test': 1}
>>> func()
{'test': 2}

I'd expect that when you call func, it'd generate a new instance of x with value {}. But no, it uses the same one every time you call the function!

# What I expected
>>> def func(x={}):
...     if x == {}:
...             x['test'] = 0
...     else:
...             x['test'] += 1
...     print(x)
>>> func()
{'test': 0}
>>> func()
{'test': 0}
>>> func()
{'test': 0}

Because of this, it messed up my recursive function that included tiles_visited={} and I couldn't figure out for the life of me where it was going wrong.

I'm interested, would you expect to happen when running that code?

that doesn't look like its using the same one every time.
if it were, you'd expect the value of x['test'] to increase by one after every call.

it looks like each time you call it, it creates a new instance, finds its equal to a new instance and sets x['test'] to 0

oh, i was looking at the what i expected 😅

Ah, sorry, you are saying what you think

No no thats my fault

Yes, I agree!

I was about to say the same

@magic falcon interested in your thoughts, if you can spare some time 👀

found this: https://stackoverflow.com/a/1145781

'pass by value' vs 'pass by reference' vs 'pass by value by reference'

it's behavior i would expect from python

https://web.archive.org/web/20200221224620id_/http://effbot.org/zone/default-values.htm

Implicit references are mean

bsod without admin privileges

Please don't post the same message accross different channels.

fine

@tired hound i get nothing

oh wait

did it wrong :p

Hi, so i'm a bit new to assembly stuff still especially writing it and i was going over some shellcode i largely understand it's setting up to basically do execve("/bin//sh", 0, ?); but i can not figure out some of the instructions or why they're like that 😅

global _start
section .text

_start:
  xor rsi, rsi                ; Set RSI to 0
  push rsi                    ; RSI to stack
  mov rdi, 0x68732f2f6e69622f ; set RDI = "/bin//sh" - why double slash?
  push rdi                    ; Push RDI to stack
  push rsp                    ; Push RSP to stack
  pop rdi                     ; Pop last value from the stack (RSP) into RDI - ??
  push 59                     ; Push 59
  pop rax                     ; 59 to RAX ; OPcode for syscall.execve()
  cdq                         ; Convert Double to Quad word - No clue why :)
  syscall                     ; Sys call - execve()

i'd recommend you get a system simulator or otherwise a step through debugger so you can directly observe what the ASM commands are doing

Oh right.. i forgot i can do that for this

Okay so;

push rsi  ; Push the value on to the stack
push rsp  ; Push the pointer to that value onto the stack (as it points to top of stack)
pop rdi   ; Loads the pointer to "/bin//sh" ('destination index register')

Only thing that i dont get is the cdq call

not seeing anything noticeably in gdb when it does that, and it works when i remove it aswell 😅

Ah, but removing it breaks it when i run it as part of my exploit lol

im pretty sure its because 59 is not in hexadecimal can you try doing push 0x000000000000003B and removing cdq call?

it gets converted in compiling 😅 this is still with 59 in the asm, ends up at 0x3b when running it

im pretty sure its because its not 64 bits but ill check 😅

RIP/RAX/etc. are 64 bit registers?

the problem looks like it

replacing the 59 with 0x000000000000003B worked for me

oh, no like.. it works when i run it directly but not when i run it as a payload in my exploit 😅

?

didnt get that

you mean the /bin/sh?

This part, so i figured everything out, except why that cdq call is there; but if i remove it from the payload it runs locally but not as actual shellcode

oooohh

hmmm

is this a thm machine?

So this doesnt do anything

Yeaa, i already solved it but am doing a writeup and wanted to get the details correct; cause i learn a lot from it usually 😅

uhhh

i guess this is beyon my limited expertise

also i was wrong about the 64 bit thing

ah, thanks for trying tho 😅

Gave +1 Rep to @rustic briar (current: #1018 - 3)

I still havent fully figured out why exactly buut, adding mov rdx, 0 into it instead of cdq seems to work; so i guessit was doing something fancy with that 😅

It's just a few bytes longer now

https://www.felixcloutier.com/x86/cwd:cdq:cqo

i mean makes sense 31st bit of 0x3b in 32 bit is 0 so in a sense its the same thing?

so cdq is just a cool way to save a few bytes?

guess soo

😄

thats amazing

23 bytes to 27 with my mov edit

so rdx is some random if this is a shellcode and in local its just unmodified

thats why it wouldnt work

yup; ah well now i can atleast explain the shellcode properly

😄

I can dm the writeup later in case you're interested

sure

im interested which box this is

Pwn101 - Challenge4

hey guys. any experienced react.js dev here? I have a question about app and authentication

Just ask and if someone can help they will :)

Ok. I have to secure an existing single page application written in React.js. It is using msal.js library to authenticate with office365 account. There is login screen, the server is authenticating, I receive a token, this is working quite fine.

The problem is: because its single page application the current situation is like this: after authenticating the server is sending a response with the user roles (like role: GUEST) to the client and then the client is keeping this in memory. This response can be tampered (to role: ADMIN) and then client is showing areas like /admin and /editUsers. Even the final APIs where I can save other users or do admin-stuff can be protected server side I can still access them unauthorized.

My questions here are:

• is the authorization currently just implemented badly? is msal.js not used correctly?
• can single page applications views be protected somehow
• should I switch form single page application to multi page application so I can protect the /admin and /settings endpoints server side?

I think a better way would be to instead of storing each time to fetch the session. For example in the component where you define routes you can make a hook each time you redirect check if its protected and what roles you need for that page if not sufficient redirect to login.

Secondly it is weird that you are able to access apis. Are you using the client or server stored role? What are you using for the backend?

In next js this is a bit easier with middleware

There is definetely a way better way to do this you can look at https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-react-samples/react-router-sample

i think server is .NET server app. I think the roles are kept in server but somehow they are sent also to the client and kept there.... for example there is the "Admin Area" button on top of the page, if you are user you cannot see the button, if you are admin you can see this button, but because the roles are sent to the client on page load I can fake the role and see this "admin area" button. I dont think this is the right way. I come from other frameworks where the page is built server side and then sent to client which is much better, but in SPA you have the whole package with all views in the users browser and these problems appear

this is just spa

more stuff is moved to frontend

I still dont understand "Even the final APIs where I can save other users or do admin-stuff can be protected server side I can still access them unauthorized."

but yes, I also think checking the roles server side on each route would be better but I can use burp suite to intercept everything and also change these from "unauthorized" to "authorized" ... so I come up with all these things and are quite successful in hacking my own app 😄

ok I explain

yeah but if apis are protected the admin page for normal users is useless

situation is like this:

• I log in as GUEST, see the application but shouldnt see the "ADMIN" button on top and also cannot access "/admin" page
• but after login the server sends "{role: GUEST}" which I change with burp to "{role: ADMIN}"
• now I refresh and the app is building up and rendering I have the "ADMIN" button on top and can enter the admin-area because this "role: ADMIN" is kept in client now somehow and used for all kinds of authorization
• even though I am in admin area now. I cannot change settings. I see all other users, try to delete another user but I can't because the APIs to do stuff like this can be protected server side. The server still knows I am GUEST and tells me "you cant delete other users" which is fine. but I was able to enter admin area which is not fine

mind if i dm?

no

would be nice

Tokens should be signed

Have your backend cryptographically sign the tokens, which you then verify on API calls. Business logic should be on the backend, presentation logic in front

The token is not the problem. Server is sending user role to the client in an seperate request. Thats can be manipulated

Yeah, sign that in a jwt

Or encrypt it

I see that JWT can be encrypted using a secret key, but if both the client and the server need to have the secret key to de- and encrypt the JWT tokens, then I think an attacker could look into the javascript because single page application is fully loaded into clients browser, find the JWT pass/secret and then also fake the transmission, right?

uh, signing with public/private keys... now we are getting closer

That's why I said sign it, you maintain integrity that way

Info isn't confidential, but integrity and availability are paramount

how to sign that.... usually party A encrypts with the public key of party B and then B can decrypt with his private key. but in my case the client should be the one who receives the message so the private key has to be in the app bundle (which is in the users browser) and I have same problem again 😄