#programming

and if possible, a better implimentation

I dunno about better though but that implementation doesn't actually return the byte array

I have this so far but it doesn't seem to work outside the function:

#include <iostream>
#include <string>
#include <vector>

void debugVector(std::vector<unsigned char> bytes) {
     for (std::vector<unsigned char>::const_iterator i = bytes.begin(); i != bytes.end(); ++i)
        std::cout << std::hex << (0xff & *i) << ' ';
    std::cout << std::endl;
}

void printBytes(const unsigned char *bytes, unsigned int length) {
    const unsigned char *end = bytes + length;

    std::cout << "As char * in fn: " << bytes << std::endl;

    for(unsigned char *ptr = (unsigned char *)bytes; ptr < end; ptr++){
        std::cout << "0x" << std::hex << (0xff & *ptr) << " ";
    }
}

const unsigned char *str2hex(const std::string input) {
    
    std::vector<unsigned char> bytes;

    for(int i = 0; i < input.length(); i += 2) {
        std::string subst = input.substr(i, 2);
        char byte = std::stoi(subst, nullptr, 16);
        std::cout << "Found byte: " << subst << ":: Converted to: " << std::hex << (0xff & byte) << std::endl;
        bytes.push_back(byte);
    }

    debugVector(bytes);
    const unsigned char *byteArr = &bytes[0];
    std::cout << "As char *: " << byteArr << std::endl;
    return byteArr;
}

int main(int argc, char const *argv[])
{
    // Check Args
    if( argc < 1) {
        std::cout << "Please Input a string" << std::endl;
        return -1;
    }

    std::string input = std::string(argv[1]);
    const int length = input.length();

    // add padding 0 if length is odd
    if(length & 1) {
        input.insert(0, 1, '0');
    }

    int numBytes = input.length() / 2;
    
    const unsigned char *bytes = str2hex(input);
    printBytes(bytes, numBytes);

    return 0;
}

there's a bit of debug code sorry

❯ ./str2hex 41424344
Found byte: 41:: Converted to: 41
Found byte: 42:: Converted to: 42
Found byte: 43:: Converted to: 43
Found byte: 44:: Converted to: 44
41 42 43 44 
As char *: ABCD
As char * in fn: �rX��U
0xe0 0x72 0x58 0xa6

and this is the problem @snow smelt was alluding to:

❯ ./str2hex 414243440046
Found byte: 41:: Converted to: 41
Found byte: 42:: Converted to: 42
Found byte: 43:: Converted to: 43
Found byte: 44:: Converted to: 44
Found byte: 00:: Converted to: 0
Found byte: 46:: Converted to: 46
41 42 43 44 0 46 
As char *: ABCD
As char * in fn: ����uU
0xc0 0xf2 0xd4 0xf5 0x75 0x55

bit of factoring to do as well

This works btw

If u don't want to print don't print, but it's making a bytearray

this looks like alien language to me

I suppose

I'll try with ints

of course it fails

I'm wondering why my char * is getting mangled

oh I'm dumb

I need to allocate on the heap

there we go

❯ ./str2hex 414243440046
Found byte: 41:: Converted to: 41
Found byte: 42:: Converted to: 42
Found byte: 43:: Converted to: 43
Found byte: 44:: Converted to: 44
Found byte: 00:: Converted to: 00
Found byte: 46:: Converted to: 46
41 42 43 44 0 46 
As char *: ABCD
As char * in fn: ABCD
0x41 0x42 0x43 0x44 0x00 0x46

might be a bit leaky though

I still don't like this though

#include <iostream>
#include <iomanip>
#include <string>
#include <vector>

void printBytes(const unsigned char *bytes, unsigned int length) {
    const unsigned char *end = bytes + length;

    std::cout << "As char * in fn: " << bytes << std::endl;

    for(unsigned char *ptr = (unsigned char *)bytes; ptr < end; ptr++){
        std::cout << "0x" << std::setw(2) << std::setfill('0') << std::hex << (0xff & *ptr) << " ";
    }
}

const unsigned char *str2hex(const std::string input, std::vector<unsigned char> *&bytes) {
    for(int i = 0; i < input.length(); i += 2) {
        std::string subst = input.substr(i, 2);
        unsigned char byte = std::stoi(subst, nullptr, 16);
        (*bytes).push_back(byte);
    }

    const unsigned char *byteArr = &(*bytes)[0];
    return byteArr;
}

int main(int argc, char const *argv[])
{
    // Check Args
    if( argc < 1) {
        std::cout << "Please Input a string" << std::endl;
        return -1;
    }

    std::string input = std::string(argv[1]);
    const int length = input.length();

    // add padding 0 if length is odd
    if(length & 1) {
        input.insert(0, 1, '0');
    }

    int numBytes = input.length() / 2;
    
    std::vector<unsigned char> *byteVec = new std::vector<unsigned char>();
    const unsigned char *bytes = str2hex(input, byteVec);
    printBytes(bytes, numBytes);

    delete byteVec;

    return 0;
}

should just use the darned vector though tbh

#include <iostream>
#include <iomanip>
#include <string>
#include <vector>

void printBytes(const std::vector<unsigned char> *bytes) {
     for (std::vector<unsigned char>::const_iterator i = (*bytes).begin(); i != (*bytes).end(); ++i)
        std::cout << "0x" << std::setw(2) << std::setfill('0') << std::hex << (0xff & *i) << ' ';
    std::cout << std::endl;
}

const std::vector<unsigned char> *str2hex(const std::string input) {
    
    std::vector<unsigned char> *bytes = new std::vector<unsigned char>();

    for(int i = 0; i < input.length(); i += 2) {
        std::string subst = input.substr(i, 2);
        unsigned char byte = std::stoi(subst, nullptr, 16);
        (*bytes).push_back(byte);
    }
    return bytes;
}

int main(int argc, char const *argv[])
{
    // Check Args
    if( argc < 1) {
        std::cout << "Please Input a string" << std::endl;
        return -1;
    }

    std::string input = std::string(argv[1]);
    const int length = input.length();

    // add padding 0 if length is odd
    if(length & 1) {
        input.insert(0, 1, '0');
    }

    const std::vector<unsigned char> *bytes = str2hex(input);
    printBytes(bytes);

    delete bytes;

    return 0;
}

there

this should work for arbitrary-length strings

probably needs a bit more input validation though

@brazen eagle why it looks like language from other planets lol

because it's C++

(bad C++ as well)

U know some interesting learning resources for cpp?

alright saw you have some solutions on that, lets check these

Learncpp or cplusplus looks very dry

best way of learning cpp: watch a tutorial onto something, make challenges on your own based on that tuto, try to solve them, die browsing stackoverflow, profit

For python, CTFs got my back

And a lot of projects

But for cpp, i can't find much tbh

cppreference.com is the best online library documentation for standard libs

with c++ (or Java tbh), avoid looking at legacy code. The language has turned a lot better in the last few (ten is a few, right?) years.

yup

Most learning for C++ is pain and suffering, you'll be better off using an IDE like CLion or Xcode.

I need to figure out how those smart pointers work

and just writing a bunch of code for trivial and less trivial projects

smart pointers are radical

totally change the way you think about how RAII

they were introduced just after I stopped using C++

I passionately hate the way inheritance works in C++.

inheritence is pretty dumb everywhere

at least polymorphism is flexible enough in C++ to be usable

tbf if I were doing this properly in C++ it'd be in a class already

the inheritance in Java is way less usable

not necessarily

composition > inheritence

I don't think it's for learning right?

proper classing in C++ should be done with the mindset of where the manipulation is taking place

Just for reference

I was on C++ Reference all the time

oh, its definitely for learning. Between the documentation and examples, it's really ehlpful

My hatred is aimed mostly at virtual methods.

haha

back to OOP: I use an object to maintain state transformations, but not for interactions between objects

oh gods those always threw me for a loop in school

Not variadic metaprogramming? that's usually the thing that drives people away

https://tenor.com/view/get-out-leave-gtfo-get-out-of-here-gif-6207127

It's way too easy to make mistakes there, coming from practically any other oop language

I didn't read this.

virtual or pure virtual?

variadic metaprogramming is template programming

Yeah. I just didn't want to acknowledge seeing that mentioned 😄

haha

I can't really remember the difference between virtuals and pure virtuals. I'm just an occasional recreational user.

Of C++, that is 🙂

pure virtual is a virtual function that is undefined in the base class, and only has a signature

makes sense. (that's a first for C++)

so derived classes must implement it

c++ makes a lot of sense, don't blame the language because it gets misused

true.

@brazen eagle @remote echo @steady anchor

#include <string>
#include <sstream>

using namespace std;
// i luv bad practises

int main() {

    string s = "fcab27bcd80e1ab25ced1683fffce3ed";
    const int sLen = (sizeof(s) / sizeof(char)) - sizeof(unsigned long long);
    char arr[sLen-1];

    string fin;
    for (int i = 0; i < s.length(); i += 1) {
        string tmp;
        tmp.push_back(s[i]);
        tmp.push_back(s[i + 1]);

        stringstream str;
        str << tmp;
        int val;
        str >> std::hex >> val;
        fin.push_back(val);
    }

    strcpy(arr, fin.c_str());

    return 0;
}

The solution i came up with3

that'll work too

Preprocessor definition _CRT_SECURE_NO_WARNINGS needed if you're gonna compile that through vs

I got no warnings

i got one cuz of strcpy

but I was wondering if inputstream would work

strncpy?

strcpy(arr, fin.c_str());
last line of the code

yeah, use strncpy

oh okay! thanks!

it basically copies n bytes

wonder if c_str(); handles null bytes properly though

or if it will consider it a terminator

ah window compilers

110 msgs wow

eh?

c_str dumps the current string object in to a c string

which is nullterminated

yes

so if there's a 0x00 in the array

everything after is no longer interpreted

what i use if i want to push back a null byte (e.g when experimenting with shellcode strings)

i do that

"mystr" + std::string(3, '\0')

this will add 3 null bytes

for example

std::string payload = "\xfc\x48\x83\xe4\xf0\xe8\xcc" + std::string(3, '\0')

will result in a
\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00 string

pretty useful if you guys are looking for AV evasion, as the static analysis will immediately detect your payload byte array and mark it as malicious

tbh, i like more to play with strings rather than byte arrays as it makes it super easier for evasion, using libs like xorstr, base64 or any other form of encode / encryption
Do you agree or you take a different approach ?

Didn't knew there is something like std::hex lol

that is what i used hex with cout

Hi

but i did not used std::hex just hex cause of std

Java sucks

Bye.

👀

anyway moving on

that was C++

https://tenor.com/view/cat-sit-human-waiting-gif-3955430

I know what it was, i was stating the truth.

https://tenor.com/view/truth-accurate-stefon-gif-3386878

WHY IS C SO HARD????????????????????????

sorry you have a script for .vbs that opens a file, for example notebook.txt?

@azure orchid Keep it safe for work.

dang aight

C is only as hard as you let it be

wise words

Anyone good with python here?

Just ask your question

I'm looking to automate my workflow using python, Is it possible to spawn a new terminal using python?

Yup, I believe so

Could you point me in the right direction if you know, I am currently looking at the 'OS' and 'Subprocess' modules and struggling to find something

Could you elaborate on "spawn a new terminal"

Like actually open a new terminal window?

@pine jungle

yes, I would like to open a new terminal window or tab and then execute commands on the new tab/window

Not sure about executing commands, you can do that using subprocesses but I think it has to be run from the terminal

coolio

Thanks for the help @true pumice

I presume your on Linux right? @pine jungle

Yes bud

https://tenor.com/view/kisses-love-couple-kiss-muah-gif-16851922

Okay, maybe subprocess.call('/bin/bash')

Would work?

Idk

I'm not on my computer atm

cough

I'll try it out and get back to you jabs

anyone know of a site that takes some css, and minifies it in a sense that it takes elements/classes/ids with the same properties and combines them?

so if i gave it

.a {
  margin: 10px;
}
.b {
  margin: 10px;
}

it would return css .a, .b { margin: 10px; }

https://css.github.io/csso/csso.html

ah nice ty

pretty neat ngl

noice

another css problemo

i have a navbar, links on the left, icons on the right

nvm

i did it

call me a genius

pty can work right?

import pty
pty.spawn("/bin/bash")

Hi guys, i upgraded my kali using the apt dist-upgrage... Well a lot of python scripts are written with the version 2 of python, and most libraires/modules in my kali are used only by python3.

Well here are my questions:

-Is there a way to load modules on python2 ?
-Can i convert the python2 to python3 scripts ( i know some websites but not always working)?
-What kali version uses python2 instead of python 3 and, is it permitted in new oscp?

1. if you're running with python3, then you can't import python3 modules; however there are packages that try and translate it: https://python-future.org/translation.html
2. there are a couple ways, 2to3 should be installed on kali by default (might not be totally reliable): https://docs.python.org/3/library/2to3.html
3. pretty sure all kali versions include both python2 and python3, and you can use either on oscp

Thanks man

I have a ruby script, it gives me binary output rathen than variable output

https://gist.github.com/FatihDurmus/52cea84a7e3e863090acc2cd3ed7aff0 here source code

what is my mistake?

need a little bit of help

i wanna rename all of these files

and only keep the first 2 letters

without doing these manually

can someone help me do this?

ah i did it with a help of a stackoverflow's member

setlocal enabledelayedexpansion
for %%i in (*.wav) do (
  set "fname=%%~ni"
  ECHO ren "%%~fi" "!fname:~0,2!%%~xi"
  ren "%%~fi" "!fname:~0,2!%%~xi"
)
pause```

Write a program to count the frequency of elements in a list of numbers.

this is what i tried its wrong but how to correct

it

So I understand that the input of the program will be a list of numbers like [1,5,6,6,2,2,2,2] and you have to output the frequency of each number like this: 1:1, 5:1, 6:2, 2:4?

the desired number which user want

@glass cape You want a list of numbers from the user

Then the user gives you another number and you want to check how many times that number appears in the list

Am I right?

In that case the input would be:
List: [1,5,6,6,2,2,2,2]
Num: 6
And the output:
6:2 -> meaning the number 6 appeared on the list twice

Is that correct?

@glass cape

offcourse

yes

yes you are right jay

Rightio

@glass cape is this for homework?

no i am prepareing fro my exams and its a question in my book

ahh kk

i rarely ask any homework question here

What have you got so far?

actually i left this program and started doing the others one

are you there

yeye

Okay, firstly we need to get the list of numbers

So we can do this with:
li = list(input("Enter numbers --> "))

it will take them in strings

??

yes as i said they are string but wait a min how did you split them without useng split function

The list() func does this for you :)

list() does the conversion for you

Okay, I need to brb - giving my mum a present

np thanks for the help

@glass cape are you there?

yes

i am

good

that's the most basic version of your program

okay back

you first ask the user for the list of number
Then iterate through that list to find out how many time each number occured
At the end you ask the user for the number they are interested in and print how many times did it occur

li = list(input("Enter --> "))
num_to_find = input("Enter number")
count = 0 # We start at 0 as we presume it isnt in the list
for num in li: # For every item in the list we:
  if num == num_to_find: # Check if its the same number as num_to_find
      count += 1 # If it is, we add 1 to the count
print(count)

what does the 4 line of your code do

okay, so he's done it where he's getting every number

it checks whether i (number) is in dictionary vals and if so increments its value by 1

and then storing it into a dictionary

though I feel that is a bit overkill for what he wants

ohh yea we use : this to associate it in dictionry i forgot

Well, it kinda is if you want just one number

however this solution allows you to see how many times each number occurred

so go with @surreal bronze's solution for this particular example but keep in mind that you can solve it this way too

actually both of yours solutions are helpful to me @surreal bronze and @sacred nimbus i can use both of them if the question focuses on my list chapter i can go with jays one and if it is of dictionary i can go with b4rtoo one thanks a lot for your help

👍 👍

You're welcome!

Hi guys, I'm currently doing the Buffer Overflow Room, on task 8 I'm trying to pass as argument to the binary I'm exploiting the output of a python program, but I receive this error, does anyone have a hint to solve this issue?

does anyone have any experience with selenium?

given these elements is there a way to select the yellow elements iff they fall in a specific row/column?

they all have the a mutual class which is how i'm selecting them now, but i'm not sure how to filter them any further...

Hi

Is it possible to decode SHA512 using python

For example :
"45ca55ccaa72b98b86c697fdf73fd364d4815a586f76cd326f1785bb816ff7f1f88b46fb8448b19356ee788eb7d300b9392709a289428070b5810d9b5c2d440d" means "hi" when I pass it on to a decoder online. Is it possible to do the same in python.

Google Crypto.Cipher module in python

k

thanks

Just to let you know, your not actually cracking the hash, all the "online record" are just database which store many hashses and then cross reference your input hash)

Thanks

learnt something new today 🙂

Glad you did 😄

Hey, hi everyone I am trying a LFI and I would like to ask if it is possible here:<?php include("inc/$mail.page.php"); ?>

i also want to mention that there is also this security check:
<?php
$pages = array("show", "index", "new_mail", "del");
$mail = $_GET['mail'];
if(!in_array($mail,$pages)){
$mail = "index";
}
?>

a bit late but the double quote must only be used to execute the python command, then you pipe the result as input for the script -> python -c "print('/x41' * 30)" | ./buffer-overflow

I'd honestly swap the quotes around?

Single quotes for bash means don't interpret anything between them

Indeed when I did the task I swapped the quotes, I tried and '\x41' is translated as 'A', so I guess that the part after -c is only interpreted by python?

scl = dict()
i = 1
flag = 0
n = int(input("enter the number of entries"))
while i <=n:
Adm = input("enter the admission number ")
nm = input("enter the name of student")
section = input("enter the name of the section")
percentage = float(input("enter the percentage of the student "))
b = (nm,section,percentage)
scl[Adm] = b
i = i + 1
l = scl.keys()d

for i in l:
print("\nadmno ", i, " 😊
z = scl[i]
print("name\t", "class", "per")
for j in z:
print(j , end="\t")

what is the meaning of scl[Adm] = b

in this code

and i have no idea why that emoji is there i think its because of that : ) thing

Could you use code blocks please:)

So, at the top scl is defined as a dictionary.
From there, there are a few inputs and processes performed and that then comes down to b which seems to be a tuple.
b is then stored inside the dictionary scl with the key Adm.

Dictionaries work like this in python:

dictionary = {key: value}

If you create a dictionary and later want to store values in it, you need to store them in a key:value format.
See this example here:

dictionary = dict() # Create the dictionary 

key = "I am a key!"
value = "I am a value!"

dictionary[key] = value

When you print the dictionary, you will have: {'I am a key!': 'I am a value!'} as the output.
You can use this in various ways, such as:

# 1
dictionary["This is a key"] = "This is the value"

# 2
dictionary[variable] = "Insert a value here!"

# 3
dictionary["Key here"] = variable

You might want to refer to the documentation or google for more details @glass cape

Oh btw you can also define a dict with:

dic = {}

Or

dict = {"key":" value","key":"value"}

dict = { 
    "key":"value",
    "key2":"value2"
}

this way as well

(just for elegance's sake haha)

Yes thats the same but better formatted 🙂

tahnks for clearing my dbout

and also i thought blocks only works in py dis lol

i was wrong

thanks jay

thanks jacob

Hey. I'm currently doing the Codecademy python programming courses - Currently on the "Student becomes the teacher" lesson Part 6. "Just Weight and See" (hoping someone has already done this 😄 ).

This was my original code. Which wasn't accepted:

def average(numbers):
total = sum(numbers)
total = float(total)
total = total / len(numbers)
return total

def get_average(student):
homework = total(student["homework"])
quizzes = total(student["quizzes"])
tests = total(student["tests"])

Tried to add a picture but it didn't allow me to copy and paste and screenshot... But anyways. I changed "total" to "average in the function get_average and it worked. My question is - why?

There's a chance that the code used to validate your code looks for key-words.

you need to verify to be able to add screenshots

I'd guess that it should execute the code against a set of unit tests

but also average is defined but never used

Depending on the application, the requirements change. Some check variables and their values, so check return values and others look for a specific set of keywords.

the get_average function calls total which doesn't seem to be defined

I had a look and you're right. I was looking for keywords. Thanks 🙂

Ah right. How do I do that then xD

!docs verify

What’s up?

@frigid egret

just realised its still under embargo lol sorry

..

dw i still have no idea how to escalate :)))))

LMFAIO

would they be triggered by asynchronous events or by requests/responses?

You likely have a response handler somewhere in your client. Make it trigger showing a popup. How to exactly do that would be specific to the used framework.

And make sure your API responses contain enough information for client to be able to populate that popup.

My assumption is that you want the API user to show the popups somehow. And they'll have to take care of showing it anyway.

I'm also assuming the API would not provide rendered content, but rather JSON or something.

<script> alert(1) </script>

theres your alerts :p

Hopefully...

Usually it's JSON or XML. Sometimes something weirder.

My view of APIs is that they provide the data in a structured format, frontend or other API client handles all of representation.

Let's hope "weirder" isn't the case in a new API that's being built 🙂

If it's all in the backend then you get like... protobuf and stuff

true - with JS i thought this is about backend to frontend style APIs. backend internal APIs make the world more interesting, it could be protobuf or gRPC etc.

Can JS handle grpc?

there is node grpc, at least.

Yeah but I don't think there's a browser based implementation

I don't think that'd make a lot of sense. It's not as if browser APIs should have strict performance requirements.

okay, I have never touched databases / sql so need some help with this:

import sqlite3
tabel = sqlite3.connect("output.sqlite")

cur = tabel.cursor()
cur.execute("SELECT * FROM convert_to_db_sql")

rows = cur.fetchall()

for row in rows:
    print(row)

Why does this print an empty item in the tuple as well as the row?

everything works fine just the empty value is kinda annoying😅

Table structure may be having an impact.

SQLite also doesn't always behave like a full SQL product

mk

ahhaha

my bad

And, if you ever do migrate from sqlite to a full on sql server, that WILL cause you no end to headaches

Turns out there was an empty col 😆

I'm planning on using it for a django website

I think it's usually simpler to just start with a postgres or maria instance

Yeah, don't use SQLite for that

Should I switch to full sql?

mk

You are going to make yourself full on crazy if you are planning on taking that to actual infra from a local dev

Whats the best sql db "manager" for this

Out of these:

PostgreSQL
MariaDB
MySQL
Oracle
SQLite

would you say?

we're looking at 1-2 tabels one for around maybe 10k items with ~4 cols

sqlite is good if it's like... a single user

PostgreSQL.

(That's a matter of opinion, my one being the above 🙂 )

I would say postgres or maria - maria was intended to be a drop-in secure replacement for mysql.

It's all about preference - I think the documentation around mysql/maria is better than postgres, but postgres is a bit better when you know your way around a RDB

okay apparently SQLite for testing, PostgreSQL for production is the way to go

oracle has subscription costs if you are going for the real deal, and mysql can be thought of as a cut-down featureset of oracle

sqlite is never the way to go for testing

because the db structure for django ORM is substantially different

if your app is intended to be run locally at all times (like cherry tree) sqlite will not pose problems

if the django app is intended to be hosted on a server with a grown up version of sql involved, then migrating your codebase and table structure from sqlite to postgres or maria will be a really, really terrible experience

if you are new to database programming and MVC with an external data model, do not use sqlite with the intent on replacing it in production

Am using it with Django and hosting on Digital Ocean @magic falcon

how can i add two REG patterns to each other ?
so i got this pattern \w+@\w+.com to get a email
and i made an other one to search for phone number ; ((\d{3})) \d{3}-\d{4}
and i want to make a reg that return phone the email and the phone number at the same time but i dont understand how to add them to each other

Why do you need regular expression for phone numbers and emails? @lilac holly

its a practice project

im learning py

But why specifically phone numbers and emails?

im reading the Automate The Boring Stuff With Python and i came to a practice project there

that asked me to make a code that return email and phone numbers from a clipBoard

but it doesnt cover how to add two REG patterns to each other

that'll be covered in the py re docs

i'll check

nvm i figure it out

all i was missing was the pipe

|

emails and regex reminds me of this... https://stackoverflow.com/questions/201323/how-to-validate-an-email-address-using-a-regular-expression

((\d{3})) \d{3}-\d{4}|\w+@\w+.com

solved my problem

The state machine diagram in the post above is True Art.

Hey y'all got an easy github issue if ya wanna get into open source 😄 https://twitter.com/bee_sec_san/status/1371779697391108097

eww scraping

Hey! Thanks to @true pumice , @remote echo and @surreal bronze we just added ~100 new ways to contribute to open source. This is your chance to get involved in a project 😄

https://twitter.com/bee_sec_san/status/1371862410869506055

go go go

free 1 month sub THM voucher jk, im poor ok

Wouldn't it be nice to add tests for the hash types while at it?

yes you are right

I also forgot to tag it

but I am now away hahaha

Hi community I’m real new to cyber security. I wanted to start coding. What language should I start? I heard often Python is a good way. What do you think ?

Programming isn't that big a part. Python is a good first language.

Python (3) is useful and generally considered beginner-friendly

coding isn't necessary, but it can be helpful

what is the most used programming language as for this date?

Wauuu thanks for the quick answers I appreciate your input.

depends for what purpose

but generally?

let me check

by the TIOBE index, C is most popular

cpp i think

followed by Java, then Python

okay thx

C++ in 4th

https://www.tiobe.com/tiobe-index/

👀

top 10 demand for programming languages are Javascript, Java, Python, C#, PHP, C++, Typescript, C, Kotlin and Swift, according to https://www.codingame.com/work/blog/hr-news-trends/top-10-in-demand-programming-languages/

Is there any good course or page out there to learn python ? Thanks for your input

for what it's worth, there's https://www.learnpython.org/ which seems alright

i used to watch tutorial of thenewboston on youtube

Sentdex is really really good

and tech with tim too

^

@brazen eagle What do you think of testing like this? Should I ask this PR maker to split it up into individual tests? https://github.com/HashPals/Name-That-Hash/blob/ecb6b555ea25821bb853a138e97e8cbe31f50e7d/tests/test_main.py#L58-L71

isn't that asserting that there's at least one kerberos in x?

oooh good catch!

might need something like:

foreach(hash in hashes) {
    x = runner.api_return_hashes_as_json(hash)
    assert 'kerberos' in x
}

not sure how the reporting works on that though

Can someone help me out with trying to figure out the arm assembly implementation of this c function?

So I'm trying to figure out the implementation of this function, right

and I think I pretty much got it but the only thing I cant figure out is to implement that cast to 8 bits unsigned

Nevermind got it, my new problem is trying to debug this function

which is supposed to be an implementation of this function but Ive determined doesn't work

Mine just ended today lol

🤣

Recently I read the blog post by muiri
Which gives clear explanation to RSA ,I need some extra help regarding resources in which I can implement it with for larger primes can anyone provide resources which speaks on finding larger primes and implementing it...

i & 0xFF will pretty much cast it to a byte 😉

pointer math is always a bit shaky though

Passport.js

Something OAuth compatible

Passport.js looks to be an Express thing

That is true

granted most node.js apis probably use Express to begin with...

for auth I use urql if you want to go along with graphql

hmm spectacle looks interesting

C question:
Is it discouraged to define macro functions and use normal functions?
I don't get the benefit from using macro definitions as they can easily rise errors

Macros are a pre-processor replacement; it can make code harder to debug but there are hypothetical speed enhancements that can be made by using them. If there isn't a solid reason backing that decision, it's usually a standard practice to not use them

that's what i thought

we used macros a lot to wrap logging code

LOG_DEBUG("Stuff") rather than log("stuff", debug);

Someone that can help me with rop?

I tried to replicate a script
@DefCampRO
Quals in 2019 (https://app.cyberedu.ro/challenges/559e4ec0-7f21-11ea-b4cb-3db05c1cfb77/) but I my shell get's terminated. I tried to tweak it around for over a week now and I can't seem to make it work (https://github.com/1337pwn3r/HacktTORs/blob/master/DefCamp 2019/secret/exploit.py). Any advice is highly appreciated!

https://cdn.discordapp.com/attachments/648919825640325121/821823500184453160/1.png

The expected outcome is

https://cdn.discordapp.com/attachments/648919825640325121/821823587785768970/unknown_1.png

isn't that an active challenge? I've seen it on LinkedIn over the last few days

Yes

Can you give me the LinkedIn link, please?

Hello, I have a question, how do you build in that the browser takes a different proxy each time (javascript)? With authentication?

import openpyxl as xl

wb = xl.load_workbook("transactions.xlsx")
sheet = wb['Sheet1']
cell = sheet.cell(1,1)

for row in range(2, sheet.max_row + 1):
   cell = sheet.cell(row,3)
   corrected_value = cell.value * 0.9
   corrected_value_cell = sheet.cell(row,4)
   corrected_value_cell.value = corrected_price


wb.save('transaction2.xlsx')

its giving me a error

on line corrected_value_cell.value = corrected_price

can some boady help me

If you want help with an error, you need to show is the error

Ye what's the exact error?

unressolved reffrence corrected_price

Can I have a screenshot?

You never defined "corrected_price"

i am setting its value as it

yup

var not def

u havent specified the variable

Thanks for arguing, but you really are not.

Where are you setting it?

Is this the full code?

yes

its a exel sheet that i want to automate

Then as James said, you haven't set the corrected price

Gotta love it when people ask for help then ignore it when they get shown the problem

no really i was seeing it in my code thanks for the help actually i did have a look after you told me to

import openpyxl as xl

wb = xl.load_workbook("transactions.xlsx")
sheet = wb['Sheet1']
cell = sheet.cell(1,1)

for row in range(2, sheet.max_row + 1):
   cell = sheet.cell(row,3)
   corrected_value = cell.value * 0.9
   corrected_value_cell = sheet.cell(row,4)
   corrected_price = corrected_value_cell.value


wb.save('transaction2.xlsx')

now its good

So maybe you should check before arguing? If you argue with people when they try to help you, they will stop wanting to help you.

If there wasn't a problem then it'd be working.
Best to listen to people and see if they're right before arguing.

sorry i was a bit confused wont do it again btw thanks for helping

Just a tip, if you hover over the line with the squiggly red thing under it, it will tell you the error 😄

ok i'll keep that in mind

thanks for helping

actually did see it but was confused as i thought already i did difined the variable but i had to do it other way round

hey all, so I've got kind of a stupid question...I'm a noob with linux and python...I was watching a YT video where I guy was writing a python script in linux...he started it off with the following bit of code:

#!/usr/bin/env python3

That's called a shebang, it tells Linux what interpreter to use to run the file if you do just ./script.py

So it's basically the same thing as when I start off a bash script?

Yep, exactly

Yup, should be.

Coincidentally, it's also how magic bytes on compiled programs work on Linux

ah, gotcha, ok...thanks!

I have an excel file with two tables in two different worksheets. Table A contains unique entries and a unique ID. Table B has the same ID and extends data to it. Now I have to merge those tables, any idea how to do that?

    - ID1 [valueTabA] [valueTabA]
    - ID2 [valueTabA] [valueTabA]
    - ID3 [valueTabA] [valueTabA]
    - ID4 [valueTabA] [valueTabA]
    
    Table B
    - ID1 [valueTabB1] [valueTabB1]
    - ID1 [valueTabB2] [valueTabB2]
    - ID4 [valueTabB] [valueTabB] ```
which should merge into:
```Table A
    - ID1 [valueTabA] [valueTabA] [valueTabB1] [valueTabB1] [valueTabB2] [valueTabB2]
    - ID2 [valueTabA] [valueTabA]
    - ID3 [valueTabA] [valueTabA]
    - ID4 [valueTabA] [valueTabA] [valueTabB] [valueTabB]``` 
Using python, how would you do that?
Currently I'm using openpyxl 
```import openpyxl

file = "excel/separated.xlsx"
wb = openpyxl.load_workbook(file)
dissection = wb["Dissection"]
damage = wb["Damage"]

current_row, current_line = 2, 2

for row in damage.iter_rows():
    # loop through first table
    id_A = damage.cell(row=current_row, column=1).value

    for line in dissection.iter_rows():
        # loop through second table
        id_B = dissection.cell(row=current_line, column=1).value
        copyData = []

        if id_A == id_B:

            for col in range(2, 39):
                copyData.append(damage.cell(row=current_line, column=col).value)

            for item in copyData:
                column_count = dissection.max_column

                dissection.cell(row=current_row, column=column_count).value = item
                column_count += 1

            current_row += 1
            break

        if not current_line > 409:
            # prevent looping out of range
            current_line += 1
        else:
            current_line = 2

wb.save(file)```
But it's not pasting the data to the cells plus I don't know how to append many rows behind each other (see example ID1)

You can easily read a .xlsx file with pandas

https://stackoverflow.com/questions/16888888/how-to-read-a-xlsx-file-using-the-pandas-library-in-ipython

and how do I merge the tables with pandas? Sorry, never really used it

If a MySQL server is restricted to access only from its localhost, how can we spoof the MySQL server to access from remote?

Tunneling/port forwarding/proxying?

for tunneling we need SSH access first? But what if we dont have SSH?

Use another initial compromise method and tunnel that way

Hey guys can anyone me guide me through how to learn reverse Engineering from the bare bottom, everything I found doesn't really have the basics and I m not a book guy more of a video guy

hi 😄

I'm new 😄

can someone please run https://github.com/m1dal3/HackTORs/tree/master/DefCamp 2019/secret

Hey @onyx merlin I just can't figure out where /api/login is handled in Overpass1. I wanted to reverse engineer the configuration to see what answers to login attempts to see what (and if) there are valid credentials to login with. Can the configuration (or routing?) for the "server" executable be found somewhere on the box or would i have to reverse engineer the whole executable to unravel the whereabouts of that endpoint? No i don't know that much about web programming and stuff

It's a golang webserver

yeah figured that out with gorilla

You aint gonna get the valid creds without reversing the binary. Because you're not meant to

The routing is all done in the binary

ah ok, couldn't find sense with grep Handlefunc *.go anyway

I have an api boilerplate on my github that shows how it's done

I don't know if the source is even on the box?

i couldn't find it .. but that don't mean much ;P

There is a valid password, but you'd never find it.

something over here?

I recommend against reverse engineering it

Because it's going to cause you pain.

🤣

There's genuinely no point

ok, then I'll put that one in the pain chest and lock it away
yeah, the only pint is practise

There's probably golang RE exercises on the internet that you're actually meant to complete

yeah, thanks anyway and have a nice day!

GOlang reversing is pain

It has a lot of things lol

oh yeah the login is totally broken

?

for overpass? you aren't meant to brute force it but it's still deliberately broken

It works

You just don't have the creds

probably assuming you find creds

It aint broken

Spoiler.

there are writeups

but alright

Yeah, but this isn't a room help/hints channel

No sense spoiling people who don't go looking for it.

point taken

got to know about a tkinter i am thinking of making a calculator as a fun project but how will i integrate my code with this gui

read docs, usually helps

which docs were i can find them

tkinter module, go read docs or see some yt vids on it

Thanks

Any idea why this would return null even though the user object is valid.
https://cdn.discordapp.com/attachments/466249612529893386/822747545948258304/unknown.png
cuz msg.member in discord js is always returns null
https://media.discordapp.net/attachments/466249612529893386/822748062199054356/unknown.png
Same issue with

msg.channel.permissionsFor(msg.author).hasPermission("MANAGE_MESSAGES")

It used to work fine earlier

This question is related to Discord.js

Hello, I am currently in a hackathon and I need some help, can anyone please help me out here

Company: Koshex
Domain: Machine Learning and Web Development
Introduction:
The idea is to help people view and study their overall spend analysis by developing a simple web app to analyze all the purchases made by scanning the credit card and bank statements.
Expected Solution:
Use any method to parse the PDF and track payments. Using AI and machine learning, the app should be able to group items category-wise, for example, food, clothes, fuel, etc. on a date range view i.e weekly/monthly/yearly The solution should run on at least 5 different bank and credit card statements e.g. ICICI, HDFC, SBI, YES, AXIS
Additional Requirements: (If Time permits) The app should prompt users when they overspend or make repeat purchases

This is the problem statement

What do you need help with tho?

Everything probably? 😁

Um, just break the problem into tasks

I'm through with the i/p part, as I recently started ML I do not have idea as to how we display the data on the site directly

As in taking the pdf and conv it into csv- Through with this

Id say work on the ML side first, cuz thats the important part.

And my front end is ready

There are pdf/Cv parsers out there where they will give you literally everything you need.

When you've figured that much out, just use algorithm from Sklearn Algorithm map

So after parsing the data, can we like extract it to a Dictionary?

Lethal_Hitman, I hope this is not active and you’re getting prizes for doing this.

I think yeah, i haven't used em in a while

Not at all lol, I am working on this cuz I have a project to submit and this is the example of what my Teacher gave me

If it’s homework or an assignment, we usually avoid giving too much help too. You need to show your teacher what you can do.

well, she just taught us abc and has asked us to submit an essay. So here I am, stuck

And this is like, I want to know how things work, but do not know how to put things together here

My problem here is, I do not know how to display this on my website....

in developing a cryptocurrency, are there any gotchas I should look out for? I'm building a currency for a client and wanted to make sure I didn't step into any holes. I understand the mechanics involved (p2p network with a distributed blockchain with consensus-based persistence and transactions protected by ssh keys). I am planning on using IPFS for network management (although currently I'm using webrtc because convenience), DNS style consensus management, and rolling my own block style for transaction that looks something like <Sender Public Key> SENT <crypto amount> TO <Receiver Public Key>\n<encrypted digest as signature>

Hello i have problem with my code and iam learning soo, i cant fix this bug.... And i was trying for 3 hours soo can someone help me with C#? its calculating program for block like surface and volume.

using System;

namespace VSkvadru
{
    public class Program
    {
        public float a;
        public float b;
        public float c;
        public float V;
        public float S;
        public static void Main(string[] args)
        {
            vstup();
            vypis();
        }
        public static void vstup()
        {
            Console.Write("Enter a in cm: ");
            string retezeca = Console.ReadLine();
            float a = float.Parse(retezeca);

            Console.Write("Enter b in cm: ");
            string retezecb = Console.ReadLine();
            float b = float.Parse(retezecb);

            Console.Write("Enter c in cm: ");
            string retezecc = Console.ReadLine();
            float c = float.Parse(retezecc);

            Console.WriteLine("You entered: {0}, {1}, {2}", a, b, c);
            Console.ReadKey();
        }
        public void objem()
        {
            float V = a * b * c;
        }
        public void plocha()
        {
            float S = 2*(a*b + a*c + b*c);
        }
        public static void vypis()
        {
            Console.WriteLine("Volume is: {0}", V);
            Console.WriteLine("Surface is: {0}", S);
            Console.ReadKey();
        }
    }
}

I don't know a lot about C#, but you're referencing instance variables in the static method vypis().

# -*- encoding: utf-8 -*-
"""
Copyright (c) 2019 - present AppSeed.us
"""

from django.contrib.auth.decorators import login_required
from django.shortcuts import render, get_object_or_404, redirect
from django.template import loader
from django.http import HttpResponse
from django import template

@login_required(login_url="/login/")
def index(request):
    
    context = {}
    context['segment'] = 'index'

    html_template = loader.get_template( 'index.html' )
    return HttpResponse(html_template.render(context, request))

@login_required(login_url="/login/")
def pages(request):
    context = {}
    # All resource paths end in .html.
    # Pick out the html file name from the url. And load that template.
    try:
        
        load_template      = request.path.split('/')[-1]
        context['segment'] = load_template
        
        html_template = loader.get_template( load_template )
        return HttpResponse(html_template.render(context, request))
        
    except template.TemplateDoesNotExist:

        html_template = loader.get_template( 'page-404.html' )
        return HttpResponse(html_template.render(context, request))

    except:
    
        html_template = loader.get_template( 'page-500.html' )
        return HttpResponse(html_template.render(context, request))

So this is an example of making the user have to login before accessing any page, How can I make so they can access a certain .html page without being logged in

Would you have to do like?

{% if not request.user.is_authenticated %}

but if you move away static you cant call it in Main...

Try creating an instance of the class, and setting the values for that instance.

You can use that if statment to show/hide specific things in a page, but you have access to request.user.is_anonymous which will give you a True/False that you can use as a redirect if statment instead of the @login_required

Okay, so when I do this it works except it says "404, not found" on the table data.html, but if I login the table data.html works fine

# -*- encoding: utf-8 -*-
"""
Copyright (c) 2019 - present AppSeed.us
"""

from django.contrib.auth.decorators import login_required
from django.shortcuts import render, get_object_or_404, redirect
from django.template import loader
from django.http import HttpResponse
from django import template

@login_required(login_url="/login/")
def index(request):
    
    context = {}
    context['segment'] = 'index'

    html_template = loader.get_template( 'index.html' )
    return HttpResponse(html_template.render(context, request))

def pages(request):
    context = {}
    # All resource paths end in .html.
    # Pick out the html file name from the url. And load that template.
    try:
        if request.user.is_anonymous:
            load_template  = "/tables-data.html"
        else:
            load_template      = request.path.split('/')[-1]
        
        context['segment'] = load_template
        
        html_template = loader.get_template( load_template )
        return HttpResponse(html_template.render(context, request))
        
    except template.TemplateDoesNotExist:

        html_template = loader.get_template( 'page-404.html' )
        return HttpResponse(html_template.render(context, request))

    except:
    
        html_template = loader.get_template( 'page-500.html' )
        return HttpResponse(html_template.render(context, request))

....
load_template = "/tables-data.html"
if not request.user.is_anonymous:
  load_template = request.path.split('/')[-1]
....

Also you want to try the tables-data.html for every user and make sure it actually works

still doesnt work, I tried it with the admin and user with no luck

You are probably hitting this

    except template.TemplateDoesNotExist:

        html_template = loader.get_template( 'page-404.html' )
        return HttpResponse(html_template.render(context, request))

Top is logged in, bottom is logged out

The template tables-data.html is not found, check the path

ahhhhhhh

there we go

yup, was a spelling mistake 😅

😄

@thorn finch it broke it ignore, was a token error

Yeah I saw but I was talking to a student couldn't reply in time 😛 CSRF token cuz u refreshed the page

yeee, it was wrong because it redirected to login.html not /login/

Also, do you know how to make the table from an SQL tabel?

Are you using models ? @surreal bronze

I think so

objList = Model.objects.all()
context['objList'] = objList

{% for obj in objList %}
<h1>{{obj.name}}</h1>
{% endfor %}

if it helps im using an admin template

Switch up the attribute name from name to whatever ur using, and the Model to the appropriate model name

Okay, Im still really confused. Not really a big web dev guy 😅 - https://pastebin.com/4nZTrCfH Thats the HTML / JS code, any ideas?

It's not very clear in all honesty

If you want DM me the repository and i'll see what I can do

I'll be back in a bit though

alrighty, Ill dm ya

hi so im learning assembly x86 and was wondering i saw that the E of EAX is for extended can i use AX?

I have a strong feeling you can but give it a try 🙂

oh okay thanks

Anybody experience in Django, I cant seem to access the site from my computer --> DigitalOceans server which I'm running it on.

Getting a refused to connect. when trying to access the site but if I ping the server it responds fine

Its the right the port as well, is this djangos fault or the DO server?

can you access it from your mobile phone?(3/4G)

@surreal bronze

might be DNS

Im connecting to it from its IP

and no,

Firewall?

yeah, that's all of my extensive knowledge of django sorry

~~use React instead 😄 ~~

Thats what I'm thinking

What OS?

Ubuntu

Yeah you might need to add a firewall rule then

sudo ufw allow 8000 This makes a firewall rule right?

Still doesn't work :(

I don't use ubuntu with a firewall

Got a firewall applied to the droplet with DO?

Yeah should do

Then you will need to apply the rule there to allow it

Yes!!! it worked!

thank youu

My droplet didn't have that set up, interestingly

Yeah thats weird, anyway.....now time to setup domain and SSL 😅

certbot!

Digital Ocean Ubuntu servers have an open firewall by default 👀

Yea, mine did

What the heck did you do to that droplet Jayy?

yeah I recall not having to do anything to my DO droplet when I first set it up

Tbh I have no idea....I'm just happy it works 😆

I'm amazed you're using DO and not abusing the fact that you have full admin credentials to my personal AWS account

how could you accuse me of such thing!

it wasnt accepting my password

How do you make python print something in Rot13?

https://stackoverflow.com/questions/14424500/text-shift-function-in-python might help

@mortal flint that’s in python 2

python 3's print is just print()

most of the other stuff works the same way, or is similar

Please don't ask about deauthing here, it's illegal/unethical

So I'm programming a text editor in java and I need to print the line that is being edited while editing it (to stdout), I'm pretty stuck and would appreciate some help

curses can probably do something like that

but that`s a linux thing

hey guys could i get some help?

so I'm trying to pass a Label as a button click event handler in C#, but it dooesn't work

any ideas?

Whenever I want to install Library or module for python 2.7 using pip install it gets installed for python3

Yeah, pip points to python3 pip now.

You need to install pip for python2 specifically if you want pipe for python2. If you're writing code, stop using Python2.

It's for the wreath🤐

Shouldn't need to install anything for py2

python2 -m pip install requests

Muir made sure of that, I thought.

Or whatever it's looking for

Thanks

Yea but I didn't have urllib3 module installed

It should be a python3 exploit

I deferred judgement to see if it would be a problem. If pip isn't working for people I'll see if I can convince offsec to let me put an updated copy up

Right?

It's a python2 exploit unfortunately

I mean it worked for me

Straight out of the box Kali 2021.whatever

That's why I deferred judgement -- it was working for me on a new install too

pimpmykali does a good job in making python2 work

after using it i had no issue at all either using pip2 or python2 in general

How do I include part of a paragraph inside a class in HTML?

For example if I have <p>Hello <strong>World!</strong></p>

this will make "World!" appear in bold, and I want to do this but with a custom class

typically you'll use a <span> tag

https://www.w3schools.com/tags/tag_span.asp

exactly what I was looking for, thanks a lot

I mean I'd just do

p strong {
   font-weight: bold;
}```

It's fine, @cursive orchid solved it, I was asking for a different thing but dnw

Is it possible to add a client side cool down on a button with DJANGO / JS? I currently have them sign up if they want to do the form but would like to add a cool down for extra measures

you could use setTimeout?

@FirstclassBusinessCat#8535 This sounds like an advert.

This also sounds incredibly sketchy.

@FirstclassBusinessCat#8535

And they're gone?

.rank

                                            {% for obj in notify %}
                                            {% if request.user.username == obj.username}
                                            <a href="#">
                                                <div class="notif-icon notif-success"> <i class="fa fa-comment"></i> </div>
                                                <div class="notif-content">
                                                    <span class="block">
                                                        {{obj.msg}}<br></br>
                                                        <br>{{obj.time}}
                                                    </span>
                                                </div>
                                            </a>
                                            {% else %}
                                            {% endif %}
                                            {% endfor %}
``` Sorry about the formatting, anybody know why this is giving a "Invalid block tag on line 68: 'else', expected 'empty' or 'endfor'. Did you forget to register or load this tag?"

@thorn finch any ideas? 😄

Remove the else line @surreal bronze

Invalid block tag on line 68: 'endif', expected 'empty' or 'endfor'. Did you forget to register or load this tag? @thorn finch

:(

{% if request.user.username == obj.username %} @surreal bronze fix this line

what needs fixing on that? @thorn finch

(The model does have "username"

you're missing % before the closing brace.

Where?

{% if request.user.username == obj.username}

ahh yup got it

my bad

thanks lol that went straight past me haha

TBH that looks like something your editor should catch. But then again I'm not that familiar with django templates or tooling to work with those.

😭

@thorn finch dont u love css formatting terribly

Hahaha I hate css

Oh you don't know pain until you do CSS in the task editor for rooms holy moly

No please god no anything but that

imagine how I feel

tryna compete with this whole fancy styling people are adding and I'm just face-desking everything

Although I gotta say

I'm very proud of this

That’s either a screenshot or 3 hours of work right there I can’t tell 😳

3 hours of work if you don't include the face-rolling over the keyboard

😄

Witch craft right there!

Once the room is out the colour will make sense

I mean you can probably infer just given by the screenshot...

I'm trying to permanently add a directory to $PATH, but the following is not working : echo "export PATH = /home/directory:$PATH" >> /home/.bashrc

What am I missing?

for what I have understood, by adding "export PATH = /home/directory:$PATH" to ".bashrc" I should be able to make it

try using quotes when exporting the stuff, might help you

# standalone export
export PATH="/home/directory:$PATH"
# As echo into .bashrc
echo 'export PATH="/home/directory:$PATH"' >> .bashrc

Nope, still not working 😦

Thanks for the answer tho!

what's the directory you're trying to add?

/home/kali/myTools

and i presume the executable you want to be in path is directly in that folder?

yep

🤔

are you on latest kali?

haven't checked but I think so

if you're on one of the newer ones unless you switched the default shell, you'll have to modify .zshrc, not .bashrc

run echo $0 and see what the output is

This is a zsh shell

yeah it is zsh

then edit .zshrc

still nothing

did you import it after modifying?

nope, how's that?

either restarting the shell or running source ~/.zshrc

welp there's your problem 😄

okay thanks a lot!

you need to re-import .zshrc after changes

it is now in $PATH hahahaha

thank you for your time

if I want to add an alias I have to do it in .zshrc too right?

yup

and re-import it afterwards 😉

any one help me out for penetration testing

what do you need help with @inner yarrow

I'm cross posting this in here cos it's relevant - Check the giveaway in #community-announcements

😮

oof, implementing ping in python is hard 😦

import os

os.system

You can always symlnk an executable to your ~/bin directory. It's a quick and reliable way allow accessibility without cluttering up env vars

Number(Math.trunc((some_float  * some_int / 100) * 100) / 100)

in my mind this part of code have to delete all extra numbers in fractional part, but i still get this:
can you tell me, why is it so ?
is problem in dividing by 100?

Truncating isn't the same thing as floor. Think about the data types involved and what the binary representation of the type is.

ok, i will learn more)

Ping means exactly what?

oh snap, are you trying to do layer2 packet crafting in python?

ICMP ECHO

yep, layer2

the RFC seemed easy enough

.<

i saw a blog about that awhile back, let me see if i can dig it up

I found a few

that might have been for py2

not a fan of the implementations I found though

py3 is different enough i wouldn't trust that info

are you using any pypi libs?

just socket or anything fancier?

just socket, but I think I'm going to give up and farm it out to the ping command 😄

have you seen this? https://gist.github.com/pklaus/856268

I can't guarantee any libs on the target

yeah I saw that

it's a pretty good implementation, i don't see anything that raises red flags

using it as a base

At that point, I'd write a C program and compile to static binary...

his structs are a bit off

Or go program

oh probably a better idea than python sockets

the C networking libs, if you have not used them, take some getting used to

no doubt

Just bear in mind, either way if you're using raw sockets you'll need root or capabilities

might be a good rust project though

not gonna lie, they were one of hte least favorite parts of my entire undergrad experience

I have the packet class, though I should unit test it...

if you are going to do it in c/c++ give the boost a spin

maybe I'll write it in Kotlin and use graalVM to compile to static 😄

runs

actually, is the C++ networking TS included offiicially in the standard yet?

haven't looked into the C++ standard is at least a decade

c++11 and newer has changed a lot

yeah I know

it doesn't look like the networking TS is rolled in yet

Pretty sure in what little C++ I do do, the vendor doesn't support anything newer than C++08

it's basically the boost networking lib, anyway

what version of what compiler are you using?

and the stl is banned

GCC 4+ supports 11

.... wut?

MSVC gods I can't remember

whatever comes with 2015

yeah, i wouldn't mess around with C/C++

MSVC compiler drove me crazy enough i swore off doing C/C++ on windows

oh that's vendor specific restrictions

as well

you aren't using that crazy IBM C++ generator are you? that thing is the devil

they include a homebrewed module system that breaks when you use the STL...

naw

basically these guys https://www.3ds.com/ made a rube-goldberg machine of a system

works fine as long as you don't try to do anything specific in it

w00t

❯ sudo python3 port_scan.py
DEBUG :: Payload: b'\x00\x08q\xc96\x86\x00\x00'
Host: 127.0.0.1 is reachable

❯ sudo python3 port_scan.py
DEBUG :: Payload: b'\x00\x08\xc5G\xb82\x00\x00'
Host: 10.200.86.200 is not reachable

works 😄

Now what will you do about machines that don't respond to pings?

include a flag to say **** you and scan the thing anyways

that's not what -f means?

oh snap, am i seeingthat correctly? you got raw hex strings to render correctly in py3? please share your secrets

uhh print(f"{bytes}")

it's a bit wonky

😦 last time i was doing BOF stuff, I couldn't get py3 to render correctly using b' or f""

had to step back to py2

oh the bof stuff is a bit wonky

I get it working a while back, hang on

you're a champ, write a blog on that. there are 3 COP and SIGs at my employer who would love to read it

haha

trying to remember where there was a bof recently

right it was for theseus

That'd better not be a spoiler for the room

you write to the raw buffer instead of using print

Because that room is no help/hints

that's to explore the bof

not to exploit it

I was editing it

to remove the bits

Might be best changing it to have a different offset

Oh, sorry 😅

ah yeah ok

Yeah, all good if it's not directly from the room 🙂

that might've been the actual exploit

looking at it again

ok key part for py3 is this bit anyways

sys.stdout.buffer.write(payload)

probably similar for direct to file

the rest seems to be all the same

Interesting. it should work for any raw buffer, then

yeah

and the whole time, we thought the point of using high level languages was to not do stuff like that

the print function probably does some formatting voodoo before shoving it out to the buffer

it would make sense - i know there is some kind of ascii/unicode pretty print going on

probably unicode

by default

yeah

to the terminal? probably utf-8

you can specify format as a positional arg IIRC

gods where did I find that bit about using raw buffers...

probably looking up BOF and python3 on google pointed to some forgotten stackoverflow...

https://stackoverflow.com/questions/46874058/python3-print-vs-python2-print

That needs a +1 for sure

yeah

I'll add writing a blog post on my todo list, or throw it to @grave salmon to update his BOF tutorial

👀

BOF in py3

or developping rather

There's a reason why I used python2.7

don't make me deal with encoding things

yeah but py2 is dead now 😄

anyways I didn't have to encode anything, I used raw bytes

b"<bytes go here>"

that's really the tricks, using raw bytes usually fixes everything

it's outputting to console or file that breaks things a bit

using print

I merely avoided using python3 alltogether in my tut because I wanted to avoid this discussion and actually teach the BOF process itself which is largely language agnostic heh

true, ok

can't be language agnostic if the most common language right now breaks the flow

write it in go :p

but that means go

technically you don't need py2 😛

write it in rust

C would probably be the easiest

write it in py3 but use raw bytes and propper conversion when printing to console

C would be easiest until you get to the networking lib

naw, it's use the raw buffer when printing to console

the possibilities are endless

sure, that works too

converting doesn't work

because print is wierd, and expects a string

and well.. because they ARE raw bytes

And their visual representations are kinda pointless...

ye

same thing if you try to feed a bytearray to find badchars, just make sure to use raw bytes in py3 otherwise you'll think everything's gone broken

yup

Might edit the line Python3 is fine, just make sure you encode everything correctly. That's outside the scope of this Tutorial, but feel free to play with it. to include "just make sure to use raw bytes and print things with stdout.buffer instead" on my tutorial... but I need to get working on the next tut in the series 😄

yesh

Checking forward slash if exist then create directory if not then text , Current code
if [[ "$string" == / ]] ; then echo "get word before forward slash make mkdir is there any way i can do that ?" ; fi
,. tee directory/text

hello

Hi!

if u have twitter pls vote i need to know whats more popular / preferred 😆 https://twitter.com/bee_sec_san/status/1375757277840470016