#programming

got some encoding issues

ntds = request.files["ntds"]
ntds_data = ntds.read().decode("utf-8")

print(ntds_data)

this works fine when i upload from my ubuntu machine, but not windows

wait

ok nvm looks like it is working now

https://www.youtube.com/watch?v=a0KozcRhotM

Guys i don't know if this is exactly the right channel for termux, I wanted to ask if you have any ideas on what projects I could do on vacation with termux in my phone
I already added youtube dl and the ability to download any video by just clicking share to termux
And i use it to ssh in to my nextcloud server

The best utility i see is using it for simple scripts or utilities like seeing what other devises are in your network

I know you can do that with nmap but it would be nice if there was a cli program to show the model of the device too based on their MAC addresses

hey guys new here

working on some API's , hope this channel can help me on some tips 🙂

I recommend getting a keyboard for your phone if youre going to use termux

Yeah I'm already in pain by using it 😂, but I'm on vacation and i want it purely for educational purposes and not anything serious

That's why I'm looking for any projects i could try

nmap would be great if it could show the model of the devices too since you can easily identify any weird behaviors

And i don't like downloading apps like fing only for that

Best way to learn more via your phone is probably watching videos 🙂 For example LiveOverflow etc.

Best not to scan stuff you don't own.

Being in vacation doesn't mean I'm not in my house 😂

Advice still applies.

I just want to replace applications like fing with simple commands in termux

Of course mate we all know that but there is no harm in trying out termux too

any terminal commands would also work on termux right, its just a terminal emulator just like putty/iTerm/Terminator/etc

It depends on if you can install the needed package

And if the command needs Saudi

sure, without packags you're left to the built-in commands it provides

but you should be able to run any TUI applications

Probably yeah

https://github.com/rothgar/awesome-tuis

Nice thanks i will check it out

What's the problem in scanning your own wifi network to find any suspicious devices?

As long as all the legitimate users on the wifi network are aware it shouldn't be a problem. But keep in mind that local laws and regulations vary a lot on these subjects.

so make sure you know about the ones in your country before getting yourself into trouble potentially

Some extreme example: https://edri.org/our-work/edrigramnumber5-11germany-bans-hacking-tools/

$password = Get-ChildItem -Recurse -path c:\users\Administrator\Desktop\emails\ -file | % {select-string -path $_ -pattern passwords}

this command look for string passwords in the specifeied path recursively. How do i make this to find the string passwords case insensitive and also that it gives me a match if its find half of the string like pass etc

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/select-string?view=powershell-7.1#parameters

you could change 'passwords' to a regex of your choice, in this case you're indeed only looking for exactly that string

so how would we do that

i am reading the microsoft docs about select string and regex

its going all over my head

Do the examples make sense?

few

it says that the value we specify to -pattern is a regex

so what do i pass there if i want the powersehll to find all strings like ,passwords,password,pass etc

sorry i am just new to powershell and AD\

How much do you know about regex and pattern matching?

I don't know the context. but, to meet your requirements this should work:
/pass[words]*/gmi

learning about regex is not something I'd recommend postponing, it will keep coming back both as developer and in analyst positions :)

https://regexcrossword.com/ is a nice gamified way to learn :)

and https://tryhackme.com/room/catregex of course

And don't forget regex101.com , very useful for testing and building search patterns.

I think I use regexr for that

Also a good one. Regex isn't something I enjoy much, I find any time I need to reach for it, I usually have to re-cover the fundamentals lol.

±

Can confirm, both those sites are great

I am biased but another great way you can learn regex is to contribute to PyWhat, we run into some advanced regex problems or you can do basic regex if you want https://github.com/bee-san/pyWhat

Also we provide mentorship if you get stuck or don’t know what to work on, a great project to contribute to and put on your CV or talk about when an interviewer asks “tell me about a time you worked in a team”! https://discord.gg/HswbH6N3D3 for the server, #what in that server and we can help you out :))

https://peixetlift.github.io/Command-Line-Rainbow

That might be the web site detecting that its a bot connecting to it

Just maybe tho

in python when we print from a list from a for loop..
example:

a = ['apple', 'banana', 'ball', 'bat', 'bag']

for items in a:
    print(items)

how could i seperate all the items with a comma

fixed it

a = ['apple', 'banana', 'ball', 'bat', 'bag']
print(','.join(a))

how would we achieve this if the list was integers?

fixed it ;)

a = [1,2,3,4]
print(",".join(map(str, my_list)))

just made it for fun

Several improvements to make: parameterizable user, target and word list. Threading as well

Fix the spelling

u could ask for input the username and host?

attempting spelling

F my english.

Command line params are better

i am looking for some one like u to tell me what improvements i should make improvements

thanks i will try em and update

Look up argparse or something to that effect

https://docs.python.org/3/howto/argparse.html

sys.argv

Here a gift :)

Naw, argparse is great

thanks will definitely try out em

This may also be useful https://docs.python.org/3/library/concurrent.futures.html

https://github.com/tqdm/tqdm an optional bonus

U can also use print("some", end=",")

So print adds , in end instead of newline

Or there is also sep

U can just pass array like print(*a, sep=", ")

Ig

The join is pretty good though

ig that depends on the size of data. Looping and printing (or writing somewhere) might be more efficient than joining strings.

Probably, though the spread operator is pretty slow as well

Joining is easier to read though

const arr = [1, 2, 3]; 
const appendCommaToVals = arr =>  {
  arr.forEach(val => {
     arr.indexOf(val) === arr.length-1 ? arr : val +=","; 
  });

  return arr; 
}
const newArr = appendCommaToVals(arr);  
console.log(newArr); 

This would do the trick in JS.

won't that add a comma after the 3 as well?

Edited to adjust for that. There's definitely a more elegant way of doing that, but I'm in work atm and that's just a back of a cig pack solution lol.

Yeah that's a bit of a mess

Of course there's an npm for that: https://www.npmjs.com/package/convert-array-to-csv

Got my head around it now I had a minute. This is a much better way of doing this:

const appendCommaToVals = arr => arr.map(val => !arr.indexOf(val === arr.length-1) ? val +="," : val); 
console.log(appendCommaToVals([1,2,3]));  

I still think that join is easier to read 😉

Yeaah, definitely comes down to preference.. I tend to avoid npm packages if I@m capable of writing custom code for something, and I tend to lean a little heavily on template literal syntax. But, that's just my approach 😄 .

depends on how complicated the thing I'm trying to do is with npm for me

Library code is great, but npm has taken it to an extreme...

For sure. I think I'm just very cautious of falling into the trap of using pre-written code too often and getting rusty when it actually comes to needing to do something custom.

Things like surrounding ecosystem (think Redux or Firebase or such when building in React) , I'll quite happily pull in though lol.

yup, if the data is known to be of reasonable size, join is better.

there is a huge difference between using std lib stuff and 3rd party

.join() is the most unchanging, most pythonic way of doing string concatenation. it's not like that NPM lib a few years ago that got taken down by a developer having a tantrum that caused a worldwide node outage

Tbh,all he wanted to do was print it, not convert it into string to manipulate/use afterwards

That's why i said sep haha

Does anyone familar with C# and it's delegate function callback with Winwdows 32API?

😢

the leftpad guy? or was it rightpad?

leftpad is the guy i was thinking of

yeah that was great fun

When that happened, I was super glad I was not working with anything node

same

Random question for you folks; does anyone develop their own exploits, scripts, shells etc, and if so, can you offer thoughts on things to consider in the process or getting into this side of things?

I've created a few automation scripts.
Not sure what you are looking for but it's usually:

• Come across something
• Think I can make it easier
• Make a script through looking at modules and what I need etc.

If its something I have time for and I know i'll make it better then i'll take a shot at it

for any repetitive tasks within reason ill either try to script it or make an alias, for linux scripting the only real consideration is getting comfortable with bash -- which is a very easy language to learn

I do plan to pick up some powershell and bash skills very soon.
At the moment, I've been aliasing a repetitive task to a fish command, but eventually I'd like to look into things like exploit creation etc.

If I have to do a thing twice, I will write a script for it. DRY is the primary rule I use for all kinds of programming, not just scripting

Yeah, DRY is life.

for exploit creation you could look at something like pwntools, which is more geared towards binary exploitation -- also be careful with non-default shells (zsh, fish, ksh) because syntax/commands will vary and break, I just use bash across the board for consistency

I'll definitely have to take more of a look into bash and bash scripting soon then.

I have access to a premium pluralsight account via work, so chances are I'll hit that up for that.

Im new to this so, what is DRY?

Don't Repeat Yourself

Oh..

Well that is awkward.

The only programming that I am fairly aquainted is Python

ahhh T.T

DRY basically just means that don't repeat same code again and again, like of you want to do something multiple times, then write a function/loop for it instead of writing same code again and again.

Not a language specific thing

just like a basic principal

Even if it's literally just being used twice, stuff it in a lambda function 🤷‍♂️

Repeating your code is tedious, and also makes you significantly more likely to introduce bugs down the line. Not worth it

Ola, does someone has an advanced free question on C++ programming?

questions*

maybe a site?

I am struggling to get my head around discord.py. How do you go about learning new libraries in general? Difficult question to answer briefly but maybe someone has some advice!

I just struggle until I get it 😦

Hehe yeah! I Guess thats the solution in the end!

I find the best way to learn is to just do it

If it doesn't work, you research why it doesnt work

Now you've learnt how to fix it and something new

Repeat

Yeah, makes sense. Thats my trajectory as well

Anyone know of websites similar to DVWA that I can host? I'm building a web app vuln scanner so the more websites I can test the better

also if you have to modify it somewhere, chances are you'll have to do it everywhere, in which case it's better to only have to do it once...ok that made sense, right?

read the API docs and pray that they're up to date and/or correct

(That's what I meant by adding bugs)

also experiment

unit tests are a good way to play with an API to see how it works

Thanks man. Its a bit overwhelming to read and make sense of.

Gave +1 Rep to @brazen eagle

hence why I added unit testing later. write a test against what you expect the api to return and see if it works

piece by piece

it's always a divide and conquer scenario

yeah! Thanks for the advice. I am going to dig into it

if one conquers one i guess it will become marginally easier over time

Making a script in Bash that I want it to detect which desktop environment i'm using. Is there a recommended way to do it? Using "ps -e |grep kde" or something like "echo $XDG_CURRENT_DESKTOP" or something else?

I'd probably trust the env var

javascript - how come the middle msg still prints last even with timeout 0?

is there a hard rule that all synchronous code will run before any async code will?

@plain path , in this case, the order of operations is affected by the callstack (queue of when things will run) .
Your code here will parse top to bottom and follows this logic:
Line 1 - synchronous, run immediately (and as it's simple, no blocking process to wait for)
Line 2 - Okay, it has a timeout, which is an asynchronous operation, but it's set to 0... so let's add it to the queue to be invoked once everything else is dealt with
Line 3 - repeat of line 1

Once those are done, it looks at the queue and goes "oh, wait, I also have this operation under the set timeout to run, let me go do that now".

pretty much, Javascript is wierd sometimes

so p much what I said

thanks lads

why is the syntax " throw new Error('blabla') " ? I mean looking at this would have me thinking its always gonna throw an error since theres no conditional, no catch block

it would only reach that part when not having hit the return statement right

oh thats right

my nad

once it returns it stops the rest from running

in this way theres no conditionals necessary, makes sense

thanks chief

Another way to look at this one, is yes, once it hits the return you're exiting out of the function, but also a ternary approach of "if this happens then this, otherwise, throw a new error.

To explain that, another way to write that could be:

response.ok ? response.json() : throw New Error('request failed!');  

yep makes sense, thank you

Gave +1 Rep to @glossy iron

guys which one better progamming for cyber security java or python?

Python for scripting.

Knowledge of Java is very good though

oh okay thanks

Learning the core concepts of programming is a huge bonus. Means u can quickly pick up other languages and have the ability to read most languages and get a general idea.

This x 100.
Try to learn concepts and transfer them, rather than learn just a particular language;
variables, primitives, arrays, objects, classes, loops, all that sort of good jazz.

Once you've picked up these basics, you'll find you can comfortably switch between languages as needed (or pick up a new language much faster, as you're only learning the syntax of those concepts in that particular variant). @thorny meteor .

okay got it thanks

Gave +1 Rep to @glossy iron

Go Channels are so cool

@stone kayak what are go channels

yeah i know i just spent 2 days of my job learning about them but i dont know

you shove stuff into them

and the other side receives them

like a train i guess

are they part of golang @stone kayak

sounds like a queue

yeah i guess

The race conditions on them suck 😦 I definitely prefer managing my own buffers and locks

kinda

race conditions u say

i havent even looked at them

i dont think i can have a race condition in my code anyway

its like 1 channel

and it just updates a variable

it's not a real race condition

I just don't like how I can't really check the status of the channel buffer

the buffer size of the channel is one of those things that seems like it gets really awful really quickly, if the type is anything other than a primitive

sending results back over a 2nd channel is really the thing that seems like it's slow

Can't even verify it because the go profilers are total garbage

Aren't those like coroutines?

Still not sure I understand how go works though

Channels are essentially threadsafe queues

They can have a capacity, and read/writes will block if there's no room or nothing to read

Gotcha

Checking the number of items in a queue is a bit messy though

I suppose the point is that you don't really care

Kotlin has a similar concept iirc

Honestly, it's a great structure if you plan around using it.
It's made threading much more accessible for me

But if you misuse it or don't plan properly, you'll get slow or messy or buggy code.

It's also not nearly as transparent as writing an atomic queue.

To be fair, I've spent maybe an hour messing about with go channels. the goroutine structure doesn't map 1:1 to threads in other languages, which isn't bad. It does make planning threads a bit more messy from what I can see

How can we whitelist applications. I am working in a project of making an online exam platform, in that a user should be allowed to switch between applications which are allowed like Excel app for accounts calculation. Any suggestions on how to code this feature

NSA K8s Hardening Guide https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES HARDENING GUIDANCE.PDF

Online? You're not going to be able to control anything beyond the browser.

How can we detect that, so that user will be warned

You can't. The browser can't see.

But there are few online exam portals like ekalavya

You need a custom, locked browser @placid goblet, but even then those are ludicrously easy to bypass

Only way to prevent cheating is proctors

pretty much

Any suggestions of C/C++/Python hacking libraries?

There aren't really hacking libraries per se.

Yes, but maybe something that I get started with?

Python cookbooks are a thing, I think.

Ok, I'll check

Hey, anybody here have a good grasp on K8s?

A few of us have worked with it... what's your question?

I have a dockerfile / docker-compose, which were working wonderfully before, launching a local author instance of the CMS I need.

A colleague of mine prepared a k8s manifest for deployment, but now after merging, when I run my ususal docker-compose build && docker-compose up from the root of my project it launches a local public instance instead ( while I need an auth instance ). To clarify, I kind of know my way around docker but have almost no experience with k8s

But I don't really understand how that is is possible, as I'm not running k8s right now? My own dockerfile and docker-compose havent changed. Do you know if it's possible that changes would somehow be picked up from the k8s manifests?

I can't really find the reference where k8s would decide to launch either local or author

maybe my author instance is actually running somewhere on some port... hmm

Are you using an image registry for k8s to pull from?

if you launched with kubectl apply or similar, then k8s will create the resources

not 100% sure if I understand the question correctly, but we have downloaded a webapp of this CMS with maven, and then wrapped that in an image and set config in the dockerfile. So I'm not pulling the image off of dockerhub for example

right

so do you have a registry, like nexus or quay or even artifactory?

I have several pom.xml files with the dependencies in there

that's not what i'm asking

pom.xml is maven stuff

so the typical (ideal? best practice?) workflow is to have some kind of image builder

docker build or buildah are common. Then docker push or skopeo copy depending on your toolchain, to get the image into a registry that your k8s cluster can access.

Then the YAML file for your deployment can be applied

okay, thank you. I have some googling to do now 🙂

my colleague is in a different timezone unfortunately, hehe

I strongly suggest not messing with k8s internals, unless you don't care about breaking the cluster. It can be pretty fragile if you mess with a KubeConfig into a bad state

Yeah, I mean, I don't even really need it to progress with local development. I just need to find out why the public instance runs instead of author

If you aren't pushing the image to a registry, or telling k8s to use the local docker-registry instead, then you are launching docker instead of spooling up a k8s Deployment.

This is also kind of a shot in the dark, as I have no idea what commands you are actually running

I understand, this kind of thing is hard without context, no worries

thanks a lot for taking the time!

You welcome

Ola, How can I execute a .py file on linux , like nmap that I can just type 'nmap' and then just fill up some properties and just hit enter a run it?

you need to first make the .py ile executable by running chmod +x file.py, and you will also need a shebang at the top of the python file so it knows where python is

to find where python is located, type which python (or which python3) depending on version

then at the top of your python file do (but replacing with the location of your python)

#!/usr/bin/python

print(1)

thanks, I'll try that

any rooms for linux ???

there are many, what do you wish to know?

Hey just a quick question here which layer in the OSI model is a UDP flood attack targeting?

Layer 3?

3 and 4 , iirc.

If I'm understanding what a UDP flood attack is purely by it's name, I'm going to go with it's a denial of service attack by sending the server or application more data than it can handle.
In this case that will mean directly sending many packets (frames, at this layer? 🤔 ) , in quick succession, handled by the transport and network layer.

Gotcha thanks @glossy iron

Gave +1 Rep to @glossy iron

I'd guess closer to level 4 though

Hi all
Need some advice on which backend framework to learn between Spring and Django, aiming for a fullstack position(In the US)
I have 3 years of development experience, mostly in Java. I have worked with Spring boot and servlets, but not very proficient in them.
I dont have experience with python outside academics and CTFs
Regarding jobs, I prefer to work at older/mid-sized companies mostly, not startups
Should I continue on the Java ecosystem with Spring Framework or should I learn python and Django?

Been a when since I checked, but I'm pretty sure most Django positions come as part of a larger data science gig

*while

Or ML

Not a SE so I could be wrong

I see a lot of jobs for Springboot, but not a lot of newer projects. Do you want the new hotness or stability?

As much as I dislike java applications from the infra management perspective, there are a LOT of java apps out there, and they all require engineers.

So spring boot and Django are two completely different beasts for completely different use cases. I'm sure sure how scalable a python based web service will be tbh

What exactly manages how many users can be on my website at one? I have max 50 and after this no one can access the website, is it because of the hardware or are there any settings?

hardware is one factor, how fast the server can process requests is another

Are you self hosting?

yes

what exactly from hardware?

CPU, memory, network capacity/speed

sometimes disk

the software used to host can be another limiting factor

network could be the problem, I don't have the fastest one

Is it a static site?

how do I know this?

I have created it with wordpress

then no

@cobalt kelp are you sure your self hosting, your not using the WordPress hosting?

I have my own server with apache and I have put my wordpress website on it

Hey, has anyone seen something like this used in programming ? some special characters ?

could be shellcode

this is something i found on webserver which have login on source code

it's for password as i understood

if password doesn't match it just gives me alert

Hi

i have data like so:

[
    (537, 'Apple', '2021-08', '4bc2c030b3dad292edg23213cb089a11', 'another_pass', 'LM'),
    (538, 'Apple', '2021-08', '1bea7e93eb02719c87f72aeaaf822988', '', 'NTLM'),
    (539, 'Amazon', '2021-08', '45b4a8759f42df7f45655a75673c7585', '', 'NTLM'),
    (540, 'Apple', '2021-08', '5b9d1afcc9784729add5b1a41f2cb2c0', 'oop_cracked', 'LM'),
    (543, 'Apple', '2021-08', '1bea7e93eb02719cu7f72aeaaf822988', 'cracked_pass', 'NTLM'),
    (544, 'Amazon', '2021-08', '45b4a8759f42df7f45655a75673c7585', '', 'NTLM')
]

and i need to find every company that ISN'T using LM hashes, but i can't figure out how to 😔

so in this instance it should just return ['Amazon'] because they are the only company without LM hashes

MapReduce

https://towardsdatascience.com/a-beginners-introduction-into-mapreduce-2c912bb5e6ac ? 👀

MapReduce, as an algorithm will get you the outputs you want

At a higher level explanation, it's a transformation to create associative data based on keys

in this case, i'd create a map of algorithms, and each algorithm would have an associated list companies that use it

Im looking at it from a near-future perspective, say 1-2 years from now, which one would be more in demand

There are a lot of really cool features in Django - but it has not yet seen the adoption that Springboot has in industry. Go with what you feel, if you want stability, Springboot is it. If you want the new hotness that may not take off, that's Django.

Ola my old friends, What’s the equivalent of Variant Template in C++ on C#?

thanks

Gave +1 Rep to @magic falcon

def useListener():
    try:
        Listener = input(Style.BRIGHT + Fore.YELLOW + "\033[4mK1B0R(\033[0m" + Style.BRIGHT + Fore.RED + "Listener" + Style.BRIGHT + Fore.YELLOW + ")" + Style.BRIGHT + Fore.RED + ":> ")
        return useListener()
    except:
        'null'

framework = input(Style.BRIGHT + Fore.YELLOW + "\033[4mK1B0R\033[0m" + Style.BRIGHT + Fore.RED + ":> ")

if framework == 'use listener':

    listen = useListener()

    if listen == 'set LHOST':
        HOST = input(Style.BRIGHT + Fore.YELLOW + '\033[4mLHOST\033[0m' + Style.BRIGHT + Fore.RED + ':> ')

    elif listen == 'set LPORT':
        PORT = input(Style.BRIGHT + Fore.YELLOW + '\033[4mLPORT\033[0m' + Style.BRIGHT + Fore.RED + ':> ')

so im making an advanced reverse shell and listener for CTF's this is just a snippet of the code but what it is supposed to do is when you type "use listener" it puts you in the listener section where you can set your LHOST and LPORT. i want to make it where when you do "set LHOST <IP>" it sets IP variable as the LHOST and it calls back to the function "uselistener" and puts you back where you can input another option in the "listener" input so you acn for example do "set LPORT <LPORT>" but when i try to use any of the options like "set LHOST" it just doesnt work and calls back to the function any advice?

where are you setting the values?

What do you mean?

@nocturne wedge

your useListener() function is recursive no matter the input

meaning it will keep calling itself and never exit

which is why you keep getting the K1B0R(Listener):> listener output after attempting to set a variable

Yes but i want it to where when the user puts their input for set LHOST and set LPORT work for ex when user sets their lhost it calls back and allows user to out another input for diff option "lport"

How can i do that?

yes i understand, i'm writing something quick + adding comments so you can understand

Thank you so much if you can please continue this in dms

sure thing

How do I make THM dark mode? I'm no html or css expert (yet) I study mostly at night and want the white background to be something else.

Get browser extention called "Dark Reader"

I was afraid you'd say that. I'll look it up, thank you.

Hey there, I have an elf executable when running it gives you two selections 1 and two. I want to write a python script that runs the executable and go over the selections

Anyone has VS2019 themes (or styles)?

what db is going to be the fastest for dealing with millions of rows of data?
https://docs.sqlalchemy.org/en/14/core/engines.html#supported-databases

it's only gonna be 5 columns, all strings if that matters

also another question

my webapp has a file upload, and i read the data with request.files['file'].read() which works for small files but when i tried with a huge one it broke the app, i assume because of this:

If you want to use standard Flask stuff - there's no way to avoid saving a temporary file if the uploaded file size is > 500kb.
what's the best way to do this? just save the file to disk, do what i need to, and then delete it?

NoSQL for sure

@cursive orchid you want a key:value NoSQL database such as Dynamo DB https://aws.amazon.com/dynamodb/

the key:value provides O(1) lookup (provided it doesn't hash to the same key)

maybe also https://www.mongodb.com/

I use DyanmoDB for the search-that-hash API

this all depends on the type of operations needed.

Hey, is there someone very advanced in PHP language ?

Ask your question

Any C# programmers around who are willing to commit into looking into my problem, whatever that may turn out to be, even if it's not actually related to C# or if someone doesn't know anything about C# could actually answer my question?

No.

Also checkout this -> https://codeblog.jonskeet.uk/2010/08/29/writing-the-perfect-question/

fyi the person who wrote it is 1# all time on stack overflow)

It's a fantastic guide for asking good questions

i will keep that in mind for next time i do something thank you 🥺 but i've got it setup using sqlalchemy now and would be too much effort for me to change it all

Gave +1 Rep to @stone kayak

@cursive orchid I'll add in that the O(1) that Bee is talking about could be significantly dependent on disk access speeds. Super slow platters O(1) could be slower than O(log n) on NVME SSDs. Honestly, database engine really won't matter with that small amount of data. You don't really start to see problems with access speed until your app starts to thrash the heck ouf of the DB with many lookup requests. Your dynamic page tool will likely be the biggest bottleneck in your app regardless of which backend DB you pick.

You could look at the database Discord is using to store messages and all that stuff

If I remember correctly, it was Alessandra or something

oh it is Cassandra

With that little data it might be feasible to have it all in memory.

Yeah, a couple million rows isn't too bad - what will really kill performance of the RDB is table structure and indexing.

Yup. and the kind of queries is what matters as well

If it's just key to value mapping, it's simple. Practically anything will do. If there's filtering or whatever based on the other fields, that might get heavy.

  s.bind((self.options["LHOST"], self.options["LPORT"]))
TypeError: an integer is required (got type str)```

any fixes?

is this python?

yeah

just gotta know this quick fix because im releasing a project for beta access for some people and it needs to be done like rn x3

let me see

what's the error

TypeError: an integer is required (got type str)

^ this?

The error message is pretty clear. The types you’re feeding to the function are incorrect. You need to do something to correct the types.

we need to add int

the IP address or the PORT are both integers

or tbh, add a float cause IP addresses are in the form of xxx.xxx.xx.x

Float don't have format like 10.10.10.10 lol

IP shall be string

And port integer

Yup, bind takes a tuple with string ip and int port as its argument.

That is NOT a float. IP address octets are always a string.

You can represent IP addresses (at their core) in binary as a 32bit int, but if you want it formatted like that then it needs to be a string or special type

You can in theory store it as a 32bit float, I think I've seen some crazy things there

I'm far from saying you should

Ah oki

IPv4 addresses

That's the only type that matter

I guess you're using IPv6 daily although you don't notice that

(Mobile networks are mainly IPv6 in the core)

IIRC some ISPs in the UK have really broken support for it

My first year university accommodation broadband had horrifically broken IPv6 support, had to be disabled

A lot of end-user deployments of IPv6 are broken.

Hello, I need some help with the github3 python libary, getting this error AttributeError: 'NoneType' object has no attribute 'repository'
But when I go to the documentation, here https://github3.readthedocs.io/en/master/narrative/repositories.html?highlight=.repository
The attribute shows it right there
I have my access token, and the user set. So I'm not sure what is going on

Could you provide the code? @wanton merlin

It's the one from the Black Hat Python book

Gimme a sec

https://nostarch.com/download/BHPCode.zip

The author doesn't provide a github repo, he just provides the zip file for all the code

Ill look at it when I get home but from what im getting from the error msg it seems it's not assigned to anything - e.g the variable is like {}, [], '', None

Oh wait I'm so dumb xD

def github_connect(): with open('t.txt') as f: token = f.read() user = 'user' sess = github3.login(token=token) return sess.repository(user, 'bhptrojan')

that's the part of the code that spits the error

Okay, the login clearly failed because sess is a none type. I believe it's not getting the proper token, so check -> print(token) and see what happens 😉

Alright

BRUH I FORGOT TO PASTE THE TOKEN XD

Haha no worries 🙂

Alright, it works perfectly now, thanks haha

token may also be scoped to the with open() block; python it shouldn't but sometimes python does weird things if you leave it up to implicit scope

As a matter of best practice, you'd be better doing that with environment variables instead of a file read as well @wanton merlin

What do i have to do for the iterate part? (via Python)
"MD5 hash a string and remove the last 16 characters of it. Iterate this process 50 times."

import hashlib hash = input("enter ur hash here: ") out = hashlib.md5(str(hash).encode("utf-8")).hexdigest() print(out) identifier = out[:-16] print(identifier)

for loop I presume?

A while loop could do it as well

Thanks but i want the exact syntax

like main and while < 50

Google it 😉

I know 😄
but can't find a good solution for it

for i in range(50):
     <code here>

doesn't need to define a main

for i in range(50): main rest of the code

This structure makes no sense.

Please pay attention that i want to MD5 the out[:-16] 50 times

It needs to iterate the out[:-16] 50 times

MD5 hash it and remove the last 16 characters of the hash. Iterate this process 50 times

Please don't iterate with the main entry point in a loop. That's one of the worst possible practices you could ever learn.

like MD5 the input hash
remove the last 16 characters of the hash
MD5 again the hash with removed character
x 50 times the above process

Are you familiar with slicing?

yes

Done 🍺

.typewriter {
  width: auto; 
  display: inline-block;
}

.typewriter p {
  background-color: inherit;
  font-family: 'Montserrat';
}
/* This is from CSS-Tricks.  Useful, but i don't know how to build that myself yet */
.typewriter span{
  font-size: 1.2em;
  font-family: inherit;
  padding-top: .5rem;
  color: #4AF626;
  width: auto;
  display: inherit;
  overflow: hidden;
  border-right: .15em solid white;
  white-space: nowrap;
  margin: 0 auto;
  margin-left: 10px;
  margin-right: 10px;
  letter-spacing: .18em;
  animation: typing 3s steps(50, end),
    

This was a portion of the code for the typewriter effect.

Hey guys, I'm new to bash scripting and I'm wondering how I can make this script print the last 20 characters of the variable "var" containing the named "value"

#!/bin/bash

var="8dm7KsjU28B7v621Jls"
value="ERmFRMVZ0U2paTlJYTkxDZz09Cg"

for i in {1..40}
do
var=$(echo $var | base64)

if ($var == $value && $var -gt 113469)

then

echo $var | tail -c 20

fi
#<---- If condition here:
done

nvm got it

You know, it really annoys me when people say 'nvm I got it' without showing what they got. Also use ``` blocks to post code.

Is anyone here good at python linked list?

I need some help

Pls

just ask your question

I need help for crreating a method to retrieve an element from a specific position:get(i) or even llist[i]

Sorry for that question im just learning with linked list

Are you writing your own implementation of a linked list?

If yes, think what you know of the list, and how you can traverse the list.

Hint: typically you know the head node of the list, and the next node of the current one.

Im so totally confused of that can you give some example sir?

Yes im doing sir

You have a reference to head of the list. If using indexes, it’s typically referred as index zero. The next one is index 1 and so. So you’ll need to traverse each node until you reach the wanted index.

like 1 -> 2 -> 3
and i type:
n = 2
llist.get(n)
Output: 3

is this what it is?

C:\Users\Default.DESKTOP-E4GVIF1\Desktop>python -i test.py

llist = LinkedList()

fn = Node("A")
sn = Node("B")
tn = Node("C")
llist.head = fn
llist
A -> None
fn.next = sn
llist
A -> B -> None
sn.next = tn
llist
A -> B -> C -> None
el = 1
llist.get(el)
'B'

Yes

Thanks

See https://realpython.com/linked-lists-python/ for some pointers on how tou typically do this with python

Does anyone know how to call a win32 api function in python with ctypes if one of the function's arguments requires a pointer to a struct? For example, DuplicateTokenEx requires a pointer to a SECURITY_ATTRIBUTES struct, which I think is declared in Windows.h header file, but I don't know how to access that declaration through ctypes.

hello, im following a tutorial on writing a linux debugger in c++ and i ran into this:

auto get_address() const -> std::intptr_t { return m_addr; }

i understand that the function gets the contents of m_addr and returns it as an intptr_t but im not sure what the arrow does in this context

is it just specifying the type as std::intptr_t for the auto keyword? id assume that wouldnt be necessary since the variable itself is typed the same way

It's a C++ trailing return type it was introduced in C++11 and mainly allows for more flexibility when using generics the auto just says that the return type will be the type of the expression after -> so this can essentially translate to just

const std::intptr_t get_address() { return m_addr; }

ok. is there any benefit to doing this instead of auto get_address() const { return m_addr; }?

Not really you just have to ensure you're using a compiler which supports C++14 and type deductions

ok thank you!

Gave +1 Rep to @hollow tangle

Np 👍

another c++ question: in the tutorial im following, there are includes specified in a cpp file. im also writing headers that are included in that cpp file and use the types from those includes. however, when im trying to use those types in my headers, my editor (vscode) keeps saying they are undefined unless i explicitly include them in my header files. i noticed that the code for the tutorial doesn't have to do this. is vscode just not realizing those includes are there and it's actually fine?

for example, main.cpp has

#include <string>
#include "myheader.h"

when trying to use std::string in myheader.h vscode will say it's undefined unless i add #include <string> to myheader.h

Each .cpp file you write will usually include any number of headers - what you're describing is the intended behavior of compiling a C/C++ program. The headers need to be included otherwise your code won't know about the libraries you depend on.

There are some tricks to reduce how many times you need to type out the included headers, but as a beginner that will be a bit mind blowing to walk through (as most new concept in C++ tend to be).

ok good thanks. you're right a lot of the c++ concepts are pretty foreign. im pretty experienced with web dev and know some of the basics of c/c++ but i dove into this debugger project and its a lot to unpack

Gave +1 Rep to @magic falcon

any good resources to learn js for pentesting? Ik that s a pretty dumb question but I just think that the materials on w3schools (for example) don't help me at all with what I wanna learn.

@full delta what aspects of JS are you trying to learn particularly? I'm a fountain of (mostly) free resources for that ecosystem. If you're able to identify which aspects you'd like to focus on / particular tasks you're looking to carry out that would help a lot.

I want to learn to do XSS

(idk if the answer is good enough)

but I guess I need to master the front-end Javascript before this

I worked in JS but I didn t do any frontend because I hate it. I did some NodeJS projects (server-rendered) if it's relevant.

I mean, JS is JS is JS. It's one of the good things about the language; once you understand it's fundamentals, it's more about then using those to do what you need. JavaScript can be as basic or elegant as you like it.

it s pretty hard to remember all of the methods and the ways you can do DOM

I strongly disagree. JS is a limited-use language, and the syntax is extremely simple to pick up. JS also has a lot of corners that are nonsensical, and the type system in it is a flaming dumpster floating down a magma flow. From a programming standpoint, picking almost any other language is more beneficial in the long run.

That said, JS is applicable to niche use-cases, such as XSS.

I'm not sure I'd call it limited-use anymore tbh -- not once you factor in Node.
It's so common for webservers these days, plus every second desktop application seems to be Electron just now

The rest is accurate though

I agree, but if someone wants to just run some XSS and things like that, if they don't alreay know a language, JS is a good place to start.
For sure, it can be usurped rather quickly, but the ecosystem is rather vast, meaning that if you need to do something, chances are there's already a way.

And of course, if you want to get into type casting etc, you can't go wrong with TypeScript.

Typescript at least has a moderately sane type system

Yep, and interfaces are a dream to JS.

JS: interwhat?

Mucking about with prototypes always felt really dirty to me

I still think Node is a bad implementation. There is a lot of work that Node has to do to validate the security of their packages and package manager - I cannot in good conscience recommend Node for anything except hobby use-cases.

Node is terrible

No JS engine, to my knowledge, has any concept of namespacing, which makes it a non-starter in my view.

Npm is worse

i forgor what interfaces are

I must admit, I'm a little blank on the whole namespacing space, haven't really hit a "traditional" language that uses them yet.

Deno looks interesting if you want a JS engine

are those the empty classes that you inherit?

I know a few people who have hopped onto the Deno bandwagon. Haven't had a great look myself yet, but losing the node modules is a great start.

Does JS even support namespaces?

I don't think it does.

I suppose you can use classes

At a laymans level, it's like creating templates for objects, types, classes etc in JS, can be very very useful; TS itself does take a little picking up though.

Wrong reply?

yup 😅 .

Are JS classes actually encapsulated though? The lack of namespacing means that every new import raises the possibility of a name collision. I don't want to go down that rabbit hole in a security review or accreditation audit.

No idea, there's a ton of very odd behaviour in JS

Oh, I don't disagree that it's not very nice. That doesn't mean that it's not widely used, or used for many different things though.

That's fair - even if it's widely used, though, I think I'll stand by the statement that it's more mis-used than used. Mainly due to the poor organization and management practices surrounding the entire toolchain. Any time a developer approaches a security engineer and opens with 'I have a project in JS....' that's the same feeling I got during my studies when a business student approached me and opened with 'I have an idea for an app.... It's like facebook but for [group of properly represented humans]'

I mean, I can't disagree with that one. It's not the nicest language to work in, and it's easy to make mistakes...

hey all, just joined

do we have any subs where we discuss tools? im looking for something that would fill and submit forms better than cypress

What for?

im trying to see what else is out there

Yes

Well ofcourse but how thats why i posted

if youre more specific than 'better' then im sure somebody can suggest something :) What about cypress is not working for your projects?

im looking for a battle-tested framework for writing page objects and describing workflows for testing web apps

right now iv been doing that myself

for example... submit this form and expect either an error or a success page in the response

and do something else for each branch

it'd help when trying to investigate form submission workflow

I have a Lambda function which requires to be zipped (as it contains a library) before deployed.

I want the following workflow:

1. Commit to GitHub Master
2. CD automatically builds and deploys the Lambda

What is the absolute easiest system to achieve this? 🙂

You could use the lambda CLI and just the commands to zip it right? @stone kayak

That's what I do every time I make an update

In what CD?

also it'd need an AWS role which may be one stpe further than i want

There's already an AWS role for it btw

for example, an AWS native product I'd be happy with it having my root role but CircleCI not so much 😅

I can do it in Concourse but I don't want to spend time setting up Concourse 😅

Oh this article looked interesting

https://blog.jakoblind.no/aws-lambda-github-actions/

@stone kayak

Like selenium?

        # Starting Socket Server
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        # Binding Server
        s.bind((self.options["LHOST"], self.options["LPORT"]))

    s.bind((self.options["LHOST"], self.options["LPORT"]))
TypeError: an integer is required (got type str)

any fixes been at it for a while

...convert it to an int?

tried that

nothing

😂

man if you can figure out this problem like actually imma mail you a cookie ive tried soooo many things

Print the content of the thing you're passing in. If it IS actually an integer, then try parsing it into that type before/during the call

as i had said ive been at this problem for a long time now and havent stopped so my brain is technically mush at the moment can you please send me a snippet of what you mean of the code that i had provided i will also sennd the call aswell

class Listener: # listener class to house everything related to listener
    def __init__(self):
        self.options = { # available options to be set by user
            "LHOST": "",
            "LPORT": ""
        }

well, if you're passing in an empty string, there's your problem

no....

def useListener(self): # listener terminal 
        listener_input = input(Style.BRIGHT + Fore.YELLOW + "\033[4mK1B0R(\033[0m" + Style.BRIGHT + Fore.RED + "Listener" + Style.BRIGHT + Fore.YELLOW + ")" + Style.BRIGHT + Fore.RED + ":> ") # get input
        parsed_listener_input = listener_input.split() # split the input into seperate items in a list for easier access
        command = parsed_listener_input[0].lower() # setting the first item of parsed input (most likeley "set") to a seperate variable

        # checking the executed command

        if command == "set": # if set is used
            variable = parsed_listener_input[1].upper() # set the variable chosen (Either LHOST or LPORT) to the "variable" variable
            value = " ".join(parsed_listener_input[2:]) # set the value you specified to the "value" varaible
            if variable in self.options: # validation that the value exits
                print(f"{variable} -> {value}") # outputting the variable and value set to it
                self.options[variable] = value # actually setting the value specified to the variable name specified (LHOST or LPORT)

        elif command == "options": # if the command is "options"
            print("\n".join((f"{option} -> {value}" for option, value in self.options.items()))) # output all possible options that can be set with the "set" command

        elif command.lower() in ("run", "exploit"):  # potentially start the listener (i don't know what you want to do with this)
            self.startListening()

        elif command == "exit": # option to exit the listener function and return back to the main terminal loop below
            return 0

        # repeating input

        return self.useListener() # recursion allowing the user to keep giving inputs to the LISTENER terminal if they so choose to

    def startListening(self): # start listening function that you can potentially use when starting the listener

        # Starting Socket Server
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

        # Binding Server
        s.bind((self.options["LHOST"], self.options["LPORT"]))

there is a bigger snippet

if the error is on the s.bind() line, do a print() just before it, of the two things you're passing in.

what is the contents? (or use a debugger/IDE, if you know how)

contents?

user inputs lhost and lport

contents of the things you are passing in- LHOST and LPORT

set lhost 127.0.0.1
set lport 1234

thats it

the error is on the s.bind() line, yes?

mhm

just before that line, do:
print(self.options["LHOST"])

and same for lport

K1B0R:> use listener
K1B0R(Listener):> set lhost 127.0.0.1
LHOST -> 127.0.0.1
K1B0R(Listener):> set lport 1234
LPORT -> 1234
K1B0R(Listener):> run
127.0.0.1
1234

ok

but no listener

error is :

TypeError: an integer is required (got type str)

okay. So look carefully are the two values you passed in

do they both look like integers?

yeah?

well, the second one is. But we can rule out that being the problem by passing it in as int(self.options["LPORT"])

but look at the first one, the IP

that's not an int

ok can you just gimme the fix for the line then or do you just not know how because if thats it thats oki broskie 😂

'```python
s.bind((self.options["LHOST"], self.options["LPORT"]))

go find what the s.bind() method actually wants as input

but anything with more than a single decimal point is not an integer 🙂

i know do you know what is? 🙂

a string 🙂

not actually

which is what your typeerror is telling you- it sees a str

in certican cases it requires a ||tuple||

"it" being what?

the current line and what it requires to make the statement work or function propperly or work in general

you're being very vague

 s.bind(tuple(self.options["LHOST"])), (int(self.options["LPORT"]))

but if the s.bind() method wants a tuple, pass in a tuple. Look up the docs for the method

    s.bind(tuple(self.options["LHOST"])), (int(self.options["LPORT"]))
TypeError: AF_INET address must be a pair (host, port)

without knowing the method signature, I can't be of more help

I don't know what bind() wants as input

you gotta find that out, then convert your input to that format

lol yea

but less of a pain?

Anyone ever have this problem with PyInstaller?

Command used :
pyinstaller --onefile --console test.py
Error when running test.exe:

Error loading Python DLL 'C:\Users\test\AppData\Local\Temp\_MEI24682\python38.dll'.
LoadLibrary: The specified module could not be found.

Question: an executable program or object code would be like Facebook the application itself correct? What the user is interacting with? Technically the rolled out end product?

Can you refine your question a bit? It's not clear what you are asking.

What is the difference between object code and source code

I think I found my answer now 😊

I was experimenting with heroku to run multiple types of application in a Free dyno and I made it to work and wrote a blog post about it. So feel free to give it a read and feedbacks are welcome.
https://medium.com/@aritrachakraborty_74303/running-multiple-webserver-stacks-in-a-heroku-free-dyno-f8b36eb79b9f

(yes the art is mine )

Damn nice work on the profile picture

Wait

I think im looking at the wrong art

Hey

I mest up my terminal

I was upgrading python

and now my terminal won't open even from vscode

https://stackoverflow.com/questions/68784920/python-upgrading-leads-to-terminal-not-opening

I opened this

and I was wondering if I could get some help here

So...

please

I can't do anything terminal-related and my life is basically that

Control+Alt+Fn, try a few different ones, see if you get a tty

I can't thank you enough

You back in a terminal?

yeah

now it opens normally

I undid the changes

Great

U should post the solution on stack overflow incase anyone else run into the same issue

Oh wait nvm

!docs verify

sorted now

thanks

Questions about rooms generally go in #room-hints or #room-help

Iirc that question was a weird one

@surreal bronze can I dm you?

sure

Thanks @brazen eagle! Actually, I've posted my questions in #room-hints . Maybe admins of that room moved my question here. No idea why that happened. I've deleted my messages here.

Gave +1 Rep to @brazen eagle

would love if someone could help me figure this out

i'm a noob at programming

i'm trying to make a Caesar cipher decoder

# input a text to decipher
crypt = input("Enter your Caesar text to decipher: ")

# alphabet to decode from
alphabet = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
            'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z']

# make a split function and split the text into separate characters
def split(text):
    return list(text)
chars = split(crypt)

# make list for indexing the characters into #'s and add them to the list
cryptIndexed = []
for letter in chars:
    cryptIndexed.append(alphabet.index(letter))

j = 0
while j in range(26):
    j += 1
    i = 0
    while i in range(len(cryptIndexed)):
        cryptIndexed[i] = cryptIndexed[i] + 1
        if cryptIndexed[i] == 27:
            cryptIndexed[i] = 0
        i += 1

    print(cryptIndexed)

    k = 0
    while k in range(len(cryptIndexed)):
        print(alphabet[cryptIndexed[k] - 1])
        k+=1

basically a caesar cipher is the alphabet is shifted x amount of times

so ABCD could be BCDE etc

im trying to print all 26 possible iterations

it works but when a letter gets to 'z' it will print z twice instead of going back to 'a' with the way i have it set up. -1 == 26 basically so that's why it prints 'z' twice

i have tried a lot of things but can't figure out how to make it work. would appreciate any help 😁

this is in python btw

maybe you should make it a circular loop

using % operator

.

can you explain? a bit more

ow.hey

i got it

if cryptIndexed[i] == 27:
cryptIndexed[i] = 0
i += 1

reverse this

i += 1
if cryptIndexed[i] == 27:
cryptIndexed[i] = 0

to this

it should work

.

increment this 1st and then chwck the condition

i get this error

ow

oh

that was bad

even if we add try and except???

am not sure it will work

hmm

yea i don't think that's right

i think you were on the right path with this

i'm just not sure how to do it

yes. but I never tried it on python

and not sure about that

i mean how to do that

just check out circular loop or somthing

ok i give up for now lol

time to slep

good night

Theres a lot of optimization that can be done here, I also suggest writing tests to verify your code

I'd also use modulo arthmetic to get your index

I agree with Hydra. It's also a much more common operation to use modulos on the index to overflow, than to use a stored value from the array. When I end up doing textual manipulations similar to this , it's almost always worth it for me to use the unicode or ascii value of the symbol. that conversion is well known and usually faster than repeating a search over and over to get an index from data definition structure.

i have a simple question,suppose we are creating an array or vector in a language like C++,are the values that we give to it stored or allocated in RAM?

Array gets allocated on stack, as the size is fixed and can be determined at compile time.
Whereas, vector gets allocated on heap, because it's ability to grow/shrink comes from dynamic memory allocation.
On RAM? Yes, everything has to be on RAM, RAM isn't appropriate term for this question ig.
plz correct me if wrong

thanks for the information

Gave +1 Rep to @remote echo

You can technically store an array on the heap as well

We can, but we have to manually do that

C++ won't do it for us

vectors are technically arrays though

Well yes

Yo guys, if I am manually making a picture with the bmp file format, the colors being only 1 bit deep pixel size 32x32, that means the file size should be 8 right?

Considering (32/8) ×2

Or do I need to add the header size on to this

Which I am guessing

Hey guys, can I ask how this is encoded?

Nguy\elec5n means Nguyễn

Incorrectly? JSON should be unicode as is, not with python escaping of unicode characters.

You'll need to add the header

It may be coming from a system that doesn't handle Unicode properly

I see, thanks

Gave +1 Rep to @solar hull

Or using default python json.dumps()

That may be one case, yes

will this code work?

Run that

It's been 30 min. To get a reply instead u can just run the code and try if it's working or not

Doesn’t work

I already did that

@tiny meteor

Nope

Did u looked how read works?

It only need the variable to put the data into.
If you want to show that prompt of "Please enter ... " You have to use -p

just Google read in bash and all that comes up u know

Please votearino 🙂 https://twitter.com/bee_sec_san/status/1427897649634713600

And this one lol https://twitter.com/bee_sec_san/status/1427903374163431428

yes

I found out how it works

now my script is working

What happens if I vote yes in both?

i write it in both and let the user decide

im sure they care a lot

A binary choice between Go or Rust might have been less work for you

"would you like the ice cream made in Manchester, or the ice cream made in Whitby?"

"I don't care give me ice cream" - Every user

Also the question is supposed to be "should i switch away from python?"

Ternary choice between Go , Rust or just keep it as it is i.e. Python.

That is true, but if you gave pros and cons of each ice cream producer/ seller, then users would have a little more reasoning in their decision making:)

@lilac holly would you stop posting commands designed to crash people smh

!rule 17

Rule 17: Do not intentionally mislead others with malicious intent, especially should this misleading end up in destruction of property or otherwise damaging. Things like rickrolling are still allowed, just don't lead someone to damaging their computer/system.

ohh sorry!!!

but this will not crash lol i was workin on a project at that time i encountered that terminal wont print anything but is fully functional

You mean it won't cause the terminal session to fill up with a ludicrously big number and die until it's finished..?

yess

u can try it on VM if u want to make sure, BTW i am doing it on Windows 10

-undelete -a

ummmm..?

Okay, well, at least Python handles it Okay *sigh*

Still not hugely helpful, but I'll grant you that it's not malicious

also my phone was printing that without any crash or freeze am still thinking whats wrong with my lappy 😫

i was solving the xxe lab on portswigger's web security academy,here's what i don't understand: how would i know what is the xml input here which needs to be altered for our benefit?

Probably by intercepting requests

I was doing the ninja skills room with bash scripting

Is there some way to use a file as inputs for a .sh script?

In the script i do
read var
is there some way to assign var pre executing with ./script ?

Printf input | ./script resolves my problem

Guys i have coded a program like dirbuster in python, Is there a way to install and launch without Path

For example when i'm launch dirbuster i Just write dirbuster

I think you should add the path of the script to the $PATH variable

@pine barn Cool, thank u man

Gave +1 Rep to @pine barn

Run it from it's direct path?

Or move the script to /usr/bin

^

Also

You can make an OS level package like a .deb which handled path stuff for you

I Need to study for this

Heads up developers. Tomorrow I will be posting the development roles available at my organisation in #jobs-board . These include some React, C# / .Net things, so if you're interested keep an eye out tomorrow PM UK time 🙂 .

Should probably symlink instead

Sorry for the noob question: what s symlink?

Symbolic link

It's kind of like a shortcut in windows

Look up the ln command with the -s option

function greaterThan(n) {
    return m => m>n
}
let greaterThan10 = greaterThan(10);
console.log(greaterThan10(11));

help me understand how the second line works

greaterThan returns a function that takes in a parameter m and checks if m is larger than n provided as a parameter to the original function.

The let line assigns to greaterThan10 a reference to a function that returns true if its parameter is larger than 10

The second line return m => m>n uses a lambda construct.

so if we dont assign a name to the function then it acts as a parameter to the original function?

oh

you can rewrite it like this if it helps u understand:

function greaterThan(n) {
    return function(m) { return m>n }
}

now when u run greaterThan(10) because of JS closure u get a function retutned something along the lines of this:

let greaterThan10 = function(m){ 
  return m>10 #(from the closure) 
}

the first function is called second order function. Closure is awesome, i suggest u read it a little.

My friend describes Rust as C programming done properly, how accurate is this and why ?

The goals of the languages are similar, but the approach on how it is done is completely different. C pretty much allows the developer to do anything, Rust requires you to jump through hoops to do anything that the language developers have considered a stupid thing to do.

Guys i want sharpen my python skill, do you have some ideas for tool i can create? Maybe no too complex

I have already created a dirbust like tool

Check the pins, I think there was an image that had a bunch of ideas

Make a port scanner

Or implement ICMP echo/echo-reply from scratch

cool idea

Bonus objective, use command-line arguments properly and add a help function

Also use classes

Bonus bonus objective, add a progress indicator and multithreading

Thats a lot of bonuses

multithreading or asynch?

I would suggest either buying or just looking over the contents of black hat python. It will give you a bunch of ideas for python hacking tools

https://nostarch.com/black-hat-python2E

cool thank you i have a bonus for studend 500$ to spend in book on amazon or library

Gave +1 Rep to @clear needle

I'd prefer async, but it boils down to the same thing

Just the async manages the thread pool for you

IIRC async manages context switching in a different way - more event based and less reliant on the process scheduler

I need to run a script with python, not python3. theres a module missing but when I try to install it with pip, it says its already installed @ the latest version, but obviously for python3 not python

how do I tackle this

its CVE-2019-9053 SQLi injection

Sounds like you need python 2

First, install python2.
Then, run: curl https://bootstrap.pypa.io/get-pip.py --output get-pip.py
Finally, type python2 get-pip.py

throws the same error when running with python2

After that, you will need to use python2 -m pip <module name>

am I being an idiot or what

lmfao

Read the error:)

yeah I thought it needs to be ran in python2

still lost

pepehands

I installed pip 2.7 to try to get the module (termcolor) through there and no luck

Hmm, did you use python2 -m pip <module name> to install termcolor?

Screenshots

-m pip install module

I knew it looked incorrect, sorry 😄

so im running the lower pip version with python2 to run the script, and I still cant get the module, im guessing because its completely stopped being maintained?

I have both pip versions

the latest one and the one in the warning

they arent compatible

are older scripts always this much pain in the ass to get to run? or is it just because I dont have enough experience with hunting down dependencies / missing modules

You can edit the script to remove the dependency, just work out which functions it is

It's just used to print output with colours, it's not important for the functionality

Can be replaced with print()

Yeah I thought about that, but looking for a more sustainable solutions to when this happens. Cuz other scripts I also have problems with missing modules sometimes, and more often than not its something imperative to the function of the script thats missing so I cant just take it out. hence why I would like to learn how to solve these issues without altering the script and instead installing the dependencies successfully

pip is for python and pip3 is for python3, so how come this happens

Sometimes that is not possible.

It's not, pip is usually python3 now just like python is python3 now.

Dependencies can change; this is one of the reasons that I don't install any python libs outside of a venv.

That command for python2 is wrong.

aaah

python2 -m pip

yea that works but the installation throws an error

So you can't install the module unless you fix that error. So you got a choice.
Fix the error, or remove the dependency.

Installing a lot of modules outside of a virtual environment can sometimes cause conflicting dependencies. Troubleshooting that is like digging through a burning dumpster.

hahaha thats some wisdom right there

Should learn to use venvs properly one of these years

When I am working on something that needs 3rd party modules, such as from pypi, I always create a virtual environment to run them in.

Same with writing any python scripts or programs. Virtual Environments have saved me days of troubleshooting when different things I'm working on require incompatible versions of libraries.

I dont have enough experience with dealing with dependencies, yet. Do you mean when two things require the same library but a different version of it?

Idea:
Include in contributors.md:
"Include the word "banana" in your PR if you read this, else your PR will automatically close"

Write a bot so that any PR that doesn't include the word "banana" automatically closes with "please read the contributors file"
https://github.com/marketplace/actions/check-pr-for-word

🧠

A dependency is an external item required for something to run correctly. This could be source code libraries, modules, or other files. Each individual dependency (e.g., termcolor) may have it's own set of dependencies; and so on. You may hear this sometimes called the 'dependency tree'. Sometimes, a dependency on one branch will require version Xd of module X, and a different dependency, sometimes not even related to the first dependency, requires version Xe of module X. Since both versions are required by different parts of the main program, this is the conflict.

aaah right

so theres no way to get them to work at the same time out of the box

It's more common than one would think, because modules are all maintained by different groups. Installing enough modules, and the likelihood of a conflict becomes almost a surety; usage of virtual environments restricts the number of modules that are reachable by the project and decreases the likelihood of a conflict.

because using VMs you can always wipe it easily and install whatever is required in that moment?

a virtual environment is not a VM

a VM is an entire OS in a sandbox

the virtual environment is a set of python scripts that basically pre-pend to the PATH system variable to ensure the virtual environment is the first place the python interpreter looks when trying to resolve dependencies and resources.

this has been very helpful though i dont understand it 100%. really appreciate it

on a related note, how come the scripts themselves dont mention in the code comments what version of python/perl etc. it is? am I supposed to just guess based on the syntax? for example this one I was dealing with https://www.exploit-db.com/exploits/46635

or is it up to the author of the script to include version info?

Syntax is a big clue; prior to Jan 2020, python was assumed to be py2. You can use the publish date to infer which version of python it is

got familiar with virtualenv and its starting to make a lot more sense ^^

so does the word "python" refer to the latest version by default?

It should point to python3

right

Unless you don’t have python3 installed

how do I set the defaults for python and pip

Jabba is right. Prior to Jan 2020, /etc/alternatives/python was usually a symlink to py2. Now, it's a link to py3.

For python, a good indicator for version is the print statement. Py2 doesn't require the parentheses

Of a script anyways

I see

It has do with a fundamental change in py3 from py2. In py2, print wasn't a function call. In py3, it is.

right its a built in function

idk squat about py2

/shrug Or you can try running it in py3 and see what breaks

I solved it with sudo update-alternatives --config python

on a somewhat unrelated topic but still python...how does python sustain itself? I understand its a programming language anyone can use, but like...how does it sustain itself? the people developing & pushing out new versions, where do they get the money to keep doing what they are doing? I mean so much depends on python it is no joke, but its open source, right?

is it just people passionate enough to contribute without compensation?

the whole economics behind programming languages seem a little disconnected from todays cutthroat capitalism

the lads who invented C should be billionares if it made any sense

major programming languages gotta have people working on it full time, right?

i'd assume some projects get donations, An while being someone who's fairly well with coding could an may lead you to many job opportunity's. With opensource projects it's a collaboration thing consisting of the public at times for help if not most times. So it's not like ten people constantly working day an night (you may have the few who do it full time) so it's easier for people too live a normal life

Python itself:
Google, Dropbox, etc hire Python developers to work on the language and pay vast sums of money to the core team

Python developers: We don't get paid please donate money to us it is slowly crushing us xoxo

It could point to either, that's the problem

Good code will say either python2 or python3 explicitly

To heaven.

Actually, python to me is like a /root to me. Others are just /tmp

So big corps are dependant on python being pushed forward?

technologically speaking, I mean

not pushed forward as in marketing or w/e

A lot of big open source projects are funded that way.

Yes, they pay a lot of money. And in return issues and features are added that they want

Typically there is a foundation that is funded by corporate interests and user donations. Apache is a great example of that.

https://www.python.org/psf/sponsorship/sponsors/

and other corps can then leverage those features that google etc. paid for?

All the python foundation donors

Yes it’s open source

right, thats what im asking. doesnt seem like the most competitive practice

Other times, the 'upstream' FOSS project is a publicly-available version of the more stable corporate version.

FOSS?

This second model is what companies like Red Hat and SuSE use for their products.

Free Open Source Software

ah

Some projects also have corporate hosted versions like elastic search

It can be a pretty complex ecosystem

Mark Zuckerbergs charity is a corporate sponsor of python haha cute

Rancher, Google, AWS and Red Hat all their own flavors of kubernetes, as another example. The differences between EKS and vanilla k8s are pretty minimal, but something like OpenShift has a lot more involved to set up.

interesting

I think it's not that simple. PEP394 has recommendations on what is executed when python is run, but not everyone follows them 🙂

I just did a fresh kali install with the latest weekly image and when doing python --version it points to python2... kekw

Kali left that for backwards compatibility with the million-and-one Python2 exploits. Don't expect a pentesting OS to follow best practices 😆

...or Apple

Ola, can someone help me understand what is offsets in assembly? (I know about segments, but I can’t get the idea of offsets)

Does CyberChef have Normalised Entropy? Specifically Shannon Scale Entropy divided by the information length?

I can't find normalised, wondering if there's some cool macro or something for it? 🤔

Sounds like a PR

Hi guys

I'm new to bash programming

May I ask what this code does? I mean, when I run it, nothing happens

FILELIST=`ls` FileWithTimeStamp=/tmp/my-dir/file_$(/bin/date +%Y-%m-%d).txt

oh ye im stupid, it just initialize a variable

Yes u are stupid

Jk

I'll take that

Its fine