#programming

Knowing how to script should be more than enough for what is being asked on your description. TryHackMe has a couple of room focused on learning how to script and applying it.

Well that would make sense, I will check out these rooms to see if I am interested in it. For scripting, does that require months of Python training or anything like that?

well...I wouldn't put it that way

Think of it as a spectrum

You can make scripts that do the job but due to the lack of knowledge of the inner workings of Python and some optimization tricks they might be...150 lines long. Right? Then after a couple of weeks learning new stuff, learning from others and working and practicing (leetcode (easy challenges) and HackerRank) you can now write something cleaner that accomplishes the same task in 30-40 lines.

Okay cool that makes sense, I will check out these rooms and lc and gauge my level

If you get stuck with something or have any doubts, please don't hesitate to ask here!

Thank you!

hey any website or book for a complete begginer?

The TryHackMe scripting rooms! 🙂

thanks

#start-here

So question lol
I use C# (.net and wpf mainly) to automate 80% of my daily life and server tasks. How pliable would it be to use say python to automate tasks in pentesting? Such as getting the nmaps, gobusters, etc with a single command? Anyone else mess with this kind of idea?
I'm a software developer/devops engineer professionally so the coding side of it I should have no problem switching over to python.

Context: For thm, I use kali running on a vm through my proxmox server

There are already solutions that do this 🙂

Autorecon (from Tib3rius) is the most common one

https://github.com/Tib3rius/AutoRecon

Nice. I'd rather use what's already made then reinvent the wheel 🤣

Thanks @tulip sail

Gave +1 Rep to @tulip sail

Ok this is pretty sweet. When get back on ill set it up and try it out

ugh shoot me now, I've spent the past 4 hours trying to get to grips with React and it's not working....

😛 been there

State issues ?

I haven't a clue, I just want to make a login page for now

And then store the token somewhere

Ah, like localstorage

Thank god i dont have to work with frontend that much anymore, have nightmares of my react/redux days 😄

Yeah though I'm trying to make my life harder by trying to use kotlinjs

And I'll probably use session storage

Hehe, well strict typing is all the rage nowadays and i guess you have the possibility to port it to typescript with kotlinjs?

If you want to make your life one more step harder 😄

https://www.youtube.com/watch?v=SGUCcjHTmGY

Soon we'll just have to write pseudocode anyway 🙂

That's so cool

yeah, nah

Hey all, not sure if this is the right thread per se but I'll start here since I came across this related to work, hehe 😉 I downloaded that Wappalyzer extention and checked it out a bit on projects I built myself. I have a few sites built on Magnolia CMS. Wappalyzer states; 'Instantly reveal the technology stack any website, such as CMS, ecommerce platform or payment processor, as well as company and contact details.'

Magnolia never shows up. I was wondering why that might be, and if anyone knows a bit about that? It looks to me like Wappalyzer scans the DOM / source and gets its info from there. I checked my DOM and sources in dev tools, there is no reference to Magnolia at all. Would love to know if anyone knows a bit more about Wappalyzer and otherwise, this may be a heads up that Magnolia CMS goes undetected heheh.

That's pretty common among front-end scanners. They can't really report on things that can't be extracted from the rendered pages. If the CMS name never shows up, all the scanner sees is the HTML, CSS and client side JS - it would be pretty tough to identify the backend when 3/4 of the extant systems use the same 4 or 5 front end styles or themes

Hey Juun, grats on your trial mod 😄 It's all custom HTML, CSS, JS, which is why the source is very clean. None of that messy wordpress like DOM, no Magnolia classes etc. It doesn't look like any CMS is used at all from the front. Thanks, that confirmed my suspicions!

I'd just check for version disclosure in Server: headers and try HTTP verbs that the server doesn't like, sometimes that discloses the version

Otherwise you're likely pretty good for information disclosure

thank you, I will check that tomorrow

Do you know any gamified platform for improving python knowledge and practicing more advanced topics than basic things like variables,loops ?

I have checked hackerrank, and I have solved questions until I got last star on both problem solving and python. But then I quit because it started being too focused on math

Depends on what you're looking for

Because most platforms where you practice advanced topics are university platforms and they're more take x input and get x output.

I wanna write my own tools in future and to do that I think I need to be better at python

https://binarysearch.com/
https://leetcode.com/
https://projecteuler.net/
https://www.hackerrank.com/
https://exercism.io/
https://www.codewars.com/
https://codeforces.com/
https://www.coderbyte.com/
https://adventofcode.com/
https://www.topcoder.com/

These are some awesome platforms to start studying though

Check some of them out and see which ones you enjoy

There's also these

Like, knowing threading and multiprocessing and practising about these would be very helpful I guess

https://www.codingame.com/start
https://play.battlesnake.com/
https://edabit.com/challenges

These are less competitive platforms

https://codecombat.com/

As I said I have already checked hackerrank and codewars. They tend to be math focused in my opinion

You won't find that kind of stuff gamified for now...you need to grab a project from an Awesome-projects list in Github (Just google "awesome python projects github") and start doing them. You'll have to google, read the official docs, ask questions over at stack overflow or the code review stack exchange.

there are a couple of advanced python books that can help with you that

I don't think that you would really learn about threading or async on a platform tbh.
That's a more "research yourself" type thing, especially as some of them can get really complicated and there isn't a way to gamify it

start off by reading "automate the boring stuff" by al sweigart. 100% recommended. I own my scripting skills to that guy literally. It helped me understand a lot of stuff.

Math programming for Python makes python so much easier imo

W3schools is good website also.

that covers more than python.

I studied Python for school and honestly, once you learn the basics, while it can be boring, I can pretty much make anything I want with a couple of minutes with the docs and some playing around.

w3 is my go to site when I forget syntax

Did you use python for security?

Not like usual math. For example game theory and coding of it

I created some tools, but it was just a general computer science course.
Sometimes when I need things automated I do it then and I fork people's repos to make their tools better lol

Ah! Python is boring like you said, once you remember what does what I can write. I'm doing a class next semester where I'll be using python for security, so I'm looking forward to that.

Have you finished the room python for security ?

Yes.

I see

that room needs threading

those are working pretty slow

I dislike Python but it is incredibly easy.
I think I might move to JS or C when I have the time to.

My lecturer advised me to move on to JS.

Why do you guys dislike python

😔

Have you tried codingame?

yep

Ok discord mobile, stop being dumb

I want C for making my own Kernel modules but JS is a bit better for web :p

Because it's so boring to do, it's like doing SQL.

wha

Python doesn't look beautiful enough

My lecturer had to give me additional tasks because I was ahead of the class.

Python is kinda slow.. lack of static typing makes big projects problematic…

Granted they would sit and play CoD etc than do the work.

It’s great tho for a lot of things

JS isn't better on typing tbh

JS is a dumpster fire

JS looks beautoful tho

I just use what useful for me

Lies

Truth

JS is bueulgul

That probably

@brazen eagle btw Isn't codingame for game devs ?

Nah

It's gamelike

I have done like 5 rooms and I was like "Okey enjoyable but why"

It's a lot of algorithms practice

Yep but they didn't seem to be hard to me

I thankful tho, thanks for recommendation

They aren't really, no

But it's good practice

Codingame gets challenging when you do competitive ai programming

If you want some specs to implement, try http://codekata.com/ or https://codingdojo.org/

Those are more open ended, so you'll have to test and verify yourself, then self-evaluate in a retro

I see, thanks!

Game of life is always fun for an optimization challenge

Actually I guess it doesn't matter what I do, they will improve my knowledge about python anyways

They'll encourage self research and experimentation

The key is practice, and also to try different things each time

What do you mean by different things, like different projects ?

Different ways to do the same project

Ah I see

👍

You dislike python?!?! Really?? but why??

Doesn't look nice

(he's never seen C)

kekw

Or JavaScript

true

anyone here good with C that would be willing to sort of mentor me in something? i taught myself C about 20 years ago in order to code a MUD. I never really learned pointers and memory etc at the time, but i knew enough that I could code my own functions and fix bugs (as long as they didnt involve memory)

fast foward to now, i know more about pointers and memory...what i would like to do is go through some MUD code like QuickMUD and find / fix exploitable code

as a way to learn the methods and processes involved in finding / fixing exploits etc

maybe do a mock writeup that details the bugs found and mitigations etc

<?php
$exec = system('shell.exe', $val);
?>

im not great at php. this is the entire code needed to make the revshell execute.

why does the system function need a second (arbitrary?) $val parameter
why does it need to be assigned to $exec variable? if thats a variable

why cant it be just:

<?php
system('shell.exe');
?>

have you tried that? I think you're probably right

https://www.humblebundle.com/books/programmer-advice-that-wrox-your-world-wiley-books

omg red spine books are in a hb

I havent but I will. still would appreciate input from any php connoisseur

I mean you can always put questions in here, but I'm not sure what you have in mind, modern C compilers (gcc, or frameworks like LLVM) have a lot of built in security mechanisms (unless you explicitly disable them during compilation) so even if you find a vulnerability, most likely the program will just crash... What types of vulnerabilities are you thinking you might find in the source code?

Maybe im not qualified to speak on this matter tho, my application security experience is limited^^

Hello can someone good at C help me spot a memory leak please 🙂

have you run your program through a memory sanitizer?

I am using valgrind right now try, but this is my first time using it. I think I know where the problem it is telling me is, but I can't see what the problem is

the function in question is

int * searchEveryOccurence(int * found)
{   
    int lastI = textChunkSize - patternLength;  // last index to be checked, any further len of pattern would bypass end of text array

    *found = 0; // count of found matches
    int foundSize = 0; // current size of found array
    
    int* tmp = NULL;
    int* foundArray = NULL;

    for (int i = 0; i <= lastI; i++) {

        int j;

        // For current index i, check for pattern match character by character, if at any point pattern does not match, break. 
        for (j = 0; j < patternLength; j++)
        {
            if (patternData[j] != textChunkProc[j + i])
                break;
        }
        // this check will only pass if starting from index i in text all positions match the pattern
        // patternData[0, ..., patternLength -1]  == textData[i, ..., i+ patternLength - 1]
        if (patternLength == j)
        {
            // need to make array larger
            if (*found == foundSize) {
                //need more space in the array
                printf("rank %d here\n", worldRank);

                foundSize += 20;
                tmp = (int *)realloc(foundArray, foundSize); // get a new larger array
                if (!tmp)
                    MPI_Abort(MPI_COMM_WORLD, EXIT_FAILURE); // if cannot allocate array abort

                foundArray = tmp;
            }
            // update the found array to store the index in the overall text at which this pattern occurs
            printf("found %d\n", *found);
            foundArray[*found] = calculateOverallIndexInText(worldRank, i);
            *found += 1;
        }
    }
    return foundArray;
}

and my valgrind error is

==32566== Invalid write of size 4
==32566==    at 0x10A33D: searchEveryOccurence (in /home/gg0h/csc4005/assignments/final_project/project_MPI)
==32566==    by 0x109730: main (in /home/gg0h/csc4005/assignments/final_project/project_MPI)
==32566==  Address 0x528b794 is 0 bytes after a block of size 20 alloc'd
==32566==    at 0x483B723: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==32566==    by 0x483E017: realloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==32566==    by 0x10A379: searchEveryOccurence (in /home/gg0h/csc4005/assignments/final_project/project_MPI)
==32566==    by 0x109730: main (in /home/gg0h/csc4005/assignments/final_project/project_MPI)
==32566== 

so I think I am writing an extra byte? but I don't see it

So this is for homework? You should be asking your instructor and TAs first.

no it's a personal project, I am trying to learn MPI

Do you turn this project in for a grade?

I have a related project to turn in 2 weeks from now, I am doing my own thing to become more familiar with MPI in the meantime. If this type of question is inappropriate I apologize, I will try to figure it out myself

Usually we don't help with course assignments, projects or assignments. It may be against your academic code of conduct to seek help from us without clearing it with your instructor for the course.

It's also cheating and can result in rather severe academic punishment

Hello guys, I’m having trouble with arrays

It does not work

Java

Try ArrayList, it’s more simple

Java arrays work fine

I wrote my array and it didn’t work

public static void main( String[] args)
int[] array = {32, 27, 64, 18, 95, 14, 90,
for (int i= 0; i< array.length; i++) {
String string = "%s % 8\n";
System.out.printf(string, i, array[i]);

What doesn't work? Errors? What happens?

You're not terminating your array, there should be a } after 90

{32, 27, 64, 18, 95, 14, 90, 70, 60, 37}

I see

every code I wrote worked only problem is the array did not work

You need to be more descriptive.

"did not work" tells us nothing. What happens? What doesn't happen? What do you expect to happen? How does what you expect differ from what happens?
We can't help you unless we know what's happening.

Exception in thread "main" java.util.UnknownFormatConversionException: Conversion = ' '

!docs verify

Follow these steps, then send screenshots.

Conversion exception should tell you something though. Where would a conversion happen in your code?

UnknownFormatConversionException is even more detailed. Look into that error.

Ok

You should be more descriptive with your variable names or you'll quickly get lost in your code

Hey, I'm trying to learn about scopes and lifetimes in C++ and I'm a little confused :
I have something equivalent to the following code :

int* createArrayWithTwoIntegers(int number1, int number2) {
    int resultArray[2] = { number1, number2 };
    return resultArray;
}

int main() {
  int* generatedArray = createArrayWithTwoIntegers(2, 3);
  int result[2] = { *generatedArray, *(generatedArray + 1) };
  cout << "First number : " + to_string(result[0]) + ", Second number : " + to_string(result[1]) << endl;
}

As far as I'm concerned, this code shouldn't work since resultArray is cleared from the stack when the function returns.
However, the code is indeed working and printing both fields of result. Why is this happening?

Look up the C++ documentation on the std::move() semantics.

tl;dr: when returning a pointer scoped to a code block, ownership of that data is moved to the caller, copying data if needed. IIRC it's not as efficient as returning a pointer object

That's C, not C++ @plucky helm

The semantics being asked about were specified C++, so I'm assuming C++14 or newer

I am sorry, juun
Have been working on some kernels lately, in C😅

Deleted explanation for wrong context

Yeah, no worries. C is just a proper subset of C++ anyway 😄

This semantic might be more clear if you use the std::array STL instead of returning a raw pointer

The issue is because resultArray is a stack allocated variable so that variable will only exist while the function is being executed however when you return, you are returning a pointer to that array since the stack frame will not exist dereferencing that returned pointer will technically point to invalid memory which is undefined behavior I know modern C++ compilers like g++ are able to detect that the reference is dangling and should segfault when the underlying data is accessed the answer to your other question on why you're still able to print both fields of result and those values still appear is because between the time you call the createArrayWithTwoIntegers function and when you print out that value you are not calling another function which will overwrite that memory if you were to call another function that has some local variables before you print out the result variable you will find that the values will find that the result variable will now become other data

Other compilers might handle this ub differently for example clang might find that you're trying to deref that memory and will attempt to keep those values

Yeah, you're right. That id properly undefined behavior.

It's also not very modern C++ to be dealing with raw pointers that way. Preferred style is to use the std::array because it implicitly supports move and move-assignment to avoid the undefined behavior

Formally, it is absolutely undefined behavior - relying on the compiler to make the decision is going to cause the 'but it works on my machine' problems that plague compiling code on different environments

Yes you should use std::array but it will return a copy of the underlying array idk if doing std::move on it will move ownership out (it should) or just create a copy implicitly

It would probably be best just to heap allocate it and return a pointer to prevent the compiler from making an unnecessary copy

Thanks to the three of you, I really appreciate that you spent some of your time on this

I got one more question regarding this explanation if you don't mind me asking.
When the function createArrayWithTwoIntegers ends its execution, the returned pointer is pointing to an invalid memory address; is this address empty because it got cleaned up when the function ended? Or is it written with resultArray and it "starts being a candidate to be overwritten" ?
According to your explanation, I assume it is the latter, but I read -out there on the Internet- that it was the first of those options (I'm not saying either is right, just asking to know what really is happening).

You've got the right idea in your second statement the data doesn't get "cleaned up" more so the data "starts being a candidate to be overwritten" like you said, it's honestly very difficult to effectively explain memory management without visualizations here's a video which should help clear some things up https://youtu.be/_8-ht2AKyH4

Fair enough, thanks once again!

Gave +1 Rep to @hollow tangle

Np 👍

hi

anyone good in java

Depends on the question, I suggest you ask it and see

hey evryone i made this really trash arpspoofer in python and i don't know how to make it better any help would be highly appreciated. Also i apologise in advance for the slight vagueness of the question.

Not sure what exactly you want to know, but what I like to do is accept parameters as command line args. That way you can use it like script.py target_ip=<ip> router_ip=<ip> mac=<mac_adress>. You could use argparse or something like click. I personally really like click as it's easy to use and has lot's of features (including asking the user for values if you don't specify an argument. That way you don't need to manually ask the user for input). Though I'm unsure if click is available for your python version as it seems like you still use python 2.x

Thanks a lot . I have python 3 in my other vm but this is an old bad so I'll try the things u mentioned and thanks again

Gave +1 Rep to @untold sage

I am a bit new to python mainly use Ruby and c

Looks like a good project then to learn more python

Yah I learnt all my langs through projects c through buffer overflow and Ruby with a RAT

practical learning is really great. I learned programming in a similar way 😄

Learning Click or any other CLI library is one of the best investments reward/effort one could do with python imo

yesss. my usual choice is click, and if I need something without external dependencies argparse

lmao I remember the first time I started doing cli stuff it was just a complete mess. Having to deal with all the flags and switches and parameters...better leave that to a library

ahaha yeah the first time I tried to just use sys.argv 😅

wrote a whole bunch of helpers to deal with it and it had so many bugs

i used system() in c lol

why is this so relatable

I guess it's part of the learning experience xD

there's picocli in Java 🙂

how did you make this? how do you use use kali linux commands in python code.

ik this is a very stupid question (sorry) but how do you open that console where you can write code and use cybersecurity functions'

You may have to be a tad more specific

Okay so I want to code python on kali linux, but I want to be able to use functions such as like ip, ARP,victim really anything.

How do I write hacking code if I have to write it in simple words.

When you reply please ping, thanks.

https://www.w3schools.com/python/python_functions.asp
https://www.programiz.com/python-programming/function
https://docs.python.org/3/library/functions.html
https://www.tutorialspoint.com/python/python_functions.htm

https://docs.python.org/3/reference/import.html
https://docs.python.org/3/tutorial/modules.html
https://realpython.com/python-import/
https://www.w3schools.com/python/python_modules.asp
https://www.geeksforgeeks.org/python-call-function-from-another-file/
https://stackoverflow.com/questions/20309456/call-a-function-from-another-file

https://docs.python.org/3/tutorial/classes.html
https://realpython.com/python3-object-oriented-programming/
https://www.programiz.com/python-programming/class
@fair blaze ?

nope

how did he implement cyber security in python

?

First they imported the modules

from scapy.all import *
from subprocess import call
import time

Then they defined the variables and got data from the user using the script

op=1 # Op code 1 for ARP requests
victim=raw_input('Enter the target IP to hack: ') #Input IP to attack
victim=victim.replace(" ","") # Use replace to parse

spoof=raw_input('Enter the routers IP *SHOULD BE ON SAME ROUTER*: ') # Enter router IP
spoof=spoof.replace(" ","") # Use replace to parse

mac=raw_input('Enter the target MAC to hack: ') # Get Mac of victim
mac=mac.replace("-",":") # Use replace to parse
mac=mac.replace(" ","") # Use replace to parse

Then they used arp

arp=ARP(op=op,psrc=spoof,pdst=victim,hwdst=mac)
# Looks like a predefined function from one of their imports, most likely scapy but idk

Finally, they sent the arp request using another predefined function from a module they imported

while 1: # Runs forever
    send(arp) # Predefined function using the data they collected earlier
    time.sleep(2) # Sleep to slow down the execution

you see how did they use arp, as i know that isnt in normal python

0h\

it comes from scapy?

yes

hello, does conio.h work in classic c or only in c++? because when I try to compile it, it give me an error of unknown type "class" (and classic c don't have classes). So is there a library of same type for classic c?

No idea what 'conio.h' is, but it seems you answered your own question. As for a C equivalent, you're gonna have to research that yourself I think (most likely it does not exist), but if the file is small enough, it shouldnt be too difficult to translate the class to a struct, and make functions that operate on the struct. Of course, you'd probably have to translate the corresponding .cpp as well

string Command = Encoding.ASCII.GetString(RecPacket) why is this 1 line giving me 12 errors

Now that's waaaaay too little information

-ban @lilac holly Posting literal malware - a trojan - and asking for help with it. Ban appeals are bans@tryhackme.com

🔨 Banned W1ldgl1tch#5280 indefinitely

LOL

gottem

Hi guys, question here. Is possible to type a command into another process with python?. I mean, I trying to do a brute force attack on a smtp with telnet, and I want to make a loop "for" into telnet process, like in this example https://book.hacktricks.xyz/pentesting/pentesting-smtp#rcpt-to

It’s probably easier to just do it with python network sockets

Or use a telnet lib

Are here any fellow Germans with knowledge in data analysis?

can someone why I keep getting an error with the following command sed -E 's/(^[^:]*:[^:A-z ]*([A-z ]+)|:[A-z 0-9]+:[0-9]+:[0-9]+)/\2/g'

trying to use regex to get a certain value from a string

hello i just joined which chat do i go to, to introduce my self?

#intros

Im not getting any errors in WSL, what environment are you running this in?

conio.h is a very old (ancient one might say) header file of MS-DOS C library back in MS-DOS C compiler days...the new compilers don't recognize them and there plenty of other header files that do almost all it did and more. For classic C <stdio.h> header file should suffice

Hey, I have a question regarding C and pointers. So if anyone is willing to help this is the question:
How do I make a program where you enter 2 elements and it picks the smaller one using pointers.

Is it an assignment for a course?

its a half assignment for school

and i know how to enter the elements using pointers but the picking between them i don't get

Can you not contact your TA/teacher?

not really in a position to

so i asked here to see if anyone knew

tried to find something on the internet too but with no success so far

The consensus here seems to be that we don't help with school assignments or coursework.

I think probably quite a few people know, but it feels like your school should provide the resources for you to be able to complete your task

ah got it

i'll find it out on my own then

ty

Do not get stuck in specific words. Think about what you need to achieve.

If, for example, you need to return or print a value, think how to get the value to that point.

will do, thanks

Gave +1 Rep to @solar hull

Managed to do it, thanks for the directions and help

Wonderful 🙂 And doesn't it feel better when you find the solution by yourself

Yeah

so picocli is pretty nifty

Hello, friends

This is a computer programming group, right?

"TryHackMe" but a few of us can write programs.

Wow, this is good

There's a number of professional software engineers, as well.

I have a lot of sympathy for them

and still feel no pity when doing pentesting 😉

Just write better code, smh

and remember the NIH attitude to avoid getting vulnerable software from other vendors/projects

The what now?

I'm trying damnit!

NIH: Not Invented Here syndrome

aka reimplement all the wheels

xD

how do I edit .bin file ?

by figuring out what's in it and modifying the file with tools fit for the purpose.

Or by using a hex editor.

Also being very very careful

I want to be friends with you

🤔

sometimes it's hard to understand what chat talking about

Hi

This is not the purpose of #programming . #intros and #cyber-and-careers are more appropriate for your cover letter. But we don't do blockchain dev here, you are better off trawling linkedin recruiters with that copy pasta.

🤔

Don't worry about it. Everything's fine.

Is python appropriate for writing tools(usable at daily basis) ? Or should go for learning shell or c++ or maybe rust ?

Yes

Everybody complains about python being slow

Do you think this is true ?

For 99% of use cases, it doesn't matter

Python code is very fast to write, and the execution is tolerable.

It's never going to win performance contests, but it'll get the job done. Unless you are processing huge amounts of data (in excess of 100GB) it will not matter

Okay, got it, thanks @magic falcon

Gave +1 Rep to @magic falcon

https://benchmarksgame-team.pages.debian.net/benchmarksgame/fastest/python3-gcc.html

It’s much much much slower at just about everything

yeeeeep

In human terms, it doesn't matter. Performance < usability

Pick the language that fits what you need to do

You'll write 1000 lines of python in the time it takes you to get 50 lines of C++.

So it's a basis of where do you want to spend your time

Premature optimization is one of the biggest pitfalls of writing a program to do anything.

Please. That quote is so abused. It was about micro optimizations, not order of magnitude improvements

And go is also much faster and about as easy to write as python

In my opinion, for most projects execution speed of the environment is irrelevant until the project actually requires performant code.

Setting up a go environment is a bit trickier than python, would not recommend unless someone has a mentor willing to hold their hand through the beginner phases

Maybe it's easier with repository versions of go; I've only installed it from github

In any case, I've voiced my opinion in response to @haughty horizon 's question. Alper, pick a language you think is going to do the best fit for what you have in mind. Every language has advantages and drawbacks; if you are new to programming those are going to be largely irrelevant until you run into the corners that illustrate the good and bad.

I am not new but not verryy experienced tho. I generally pick python but people love to feel superior just because python is easy to write

So I wanted to double check my path

thanks both of you for your answers

hey guys i am new to hacking

how can i start

Just to add my two cents to the eternal language debate, readability will trump runtime perf almost any time. For tooling, the difference between languages is almost negligible in any case, as performance is very rarely the top priority

You'll generally prefer a maintainable tool to one that runs 10% faster

Suuuuper easy from their website tbh, download, tar xtract, add to PATH.

I remember there being 3 or 4 different environment variables to set, with poorly defined explanations of what they should and why they were needed. Glad to see it's been made easier

search around on youtube for tutorials, freecodecamp is one of my favourite youtube channels to leanr anything tech realated check there video out

Newbies tend to have a much harder time with python than go cause of all the python2/3 and pip craziness

Also when python modules refuse to import

Then you have to learn to fix it.

Had that happen to me in a ctf.

Annoying as hell

anyone knows a unified2 spooler that actually works and writes into a mysql database?
barnyard2 doesn't wanna work for me

Which room is appropriate to ask web application exploiting question?

@haughty horizon also python is installed on most machines, so any tooling you write in python will most likely run without much issues. vs trying to do same thing in C or GO you don't have compiler on the machine so you have to do it local then figure out a way to upload your file etc...just easier to write a quick script in python and go to town.

Yes but at the same time I am having issues with making executables from python files. In my opinion this doesn't needed but most of the average windows users don't have python installed.

@haughty horizon yes but majority of servers are *nix and have python installed by default. If you are planning to stick with windows then I suppose you are correct.

Nope, but my friends use windows sadly

and companies

lol and you are planning to hack them 😛

your friends, not companies

I mean company workers

no no, just wanna share what I do

generally i would say learning python falls under the "doesn't hurt, and could help" category more so than Go or C

Yes

Python has an module specifically to compile to windows .exe formats

I have checked 2-3 different solutions but they don't seem to be working easily or normal

Would anyone be able to tell me what is wrong with this code?

Pyhton btw

I have made the same program before but in java

Feels like it should work but doesnt🤔

these are unnecessary

Actually

you use elif soooo first parts are unnecessary

and that else is wrong

The formula you're using for calculating the result is wrong.

try this one

w = int(input())
h = float(input())
BMI = w / h
if BMI <= 18.5:
    print("U W")
elif BMI < 25:
    print("Normal")
elif BMI < 30:
    print("Overweight")
else:
    print("Obesity")```

That'd still be wrong.

I don't know the formula

I am just trying to solve logic errors

and unnecessary things

your solution would solve one part - trying to calculate power of an uninitialized value (BMI). That's sure.

power of what

the BMI **= w / h part equals BMI = BMI ** (w/h)

Look at my code again

I didn't include it

Yes - you didn't have that, that was a problem in the original code.

Read again what I wrote above 🙂

w = int(input())
h = float(input())
BMI = (w / h**2)
if BMI <= 18.5:
    print("U W")
elif BMI < 25:
    print("Normal")
elif BMI < 30:
    print("Overweight")
else:
    print("Obesity")```

👍

Thanks for the help guys!

Really great info

That'll print them all

Wait elif strike my last

no, I tested

Yeah my bad

👍

do all windows services have some sort of .exe hiding somewhere on the PC?

or are they their own special executable?

yes

well, could be a batch file as well

Could it also be a powershell script?

yes

Services can be scripts? I know scheduled tasks can but I thought services had to implement servicey things

I’ll be, you can

I want to learn about async

Any recommendations

I am using python

Did you read the docs first?

Yes

Do you have specific questions?

Yes actually i want to learn how it's implemented under the hood

I don't want to predict and code 😅

In case of asyncio

Do u have resources which i can refer

Other than docs

And is it possible to access metasploit with python?

yes

using the os module you can

example ```python
os.system("msfconsole")

Hmmm

everything working?

Or do you want to execute a command from python to msfconsole without opening it?

@peak ermine

I want to automate the payload creation

hmmm

And also want to learn about metasploit

Metasploit will work with termux?

What are you using?

kali?

Ubuntu

OK

When starting msfconsole make sure some of your services have been started

such as postgresql

Hmm

do you have an idea to the terminal of linux?

Yes i know basic commmnd

ls,PWD and such

Cd

Kinda

Kinda😅

It will work in termux by the way

Lacking root perms kinda sucks

No low port listeners

I use virtual box for Ubuntu

In windows machine

It will work?

Yes

I’m having probs with my pycharm....I can’t import from my own file...Importerror

What’s the import error?

And what’s the file called?

And what code is erroring?

I’m trying to import the pizza file to the sheet.py

I can’t import another modules/files too

Try adding a . before pizza

from .pizza import pizza1

This works on the default IDE

Your setup also works, the only change I made was type to Type because type is already taken by Python @coral anchor

I think it's your IDE, personally I don't like Pycharm

I can now import my module but can’t make use of it...why is that?

The error

I appreciate this

Gimme a moment

Just at the store

@coral anchor Python imports can be confusing; it's one of the areas where I think the py docs could be improved. What is your project structure? Can you post a screenshot of how your relate to each other on the file system? Do you have an in __init__.py file in the module?

Ok

Yes I do have an init file structure....I posted the picture recently

This

It’s stressful

That does not show the project structure. Are all of your files in the top level of your project, or do you have a directory that your pizza.py file lives in?

Yeah it has a directory

Ok, so you do not have an init.py file to tell python this directory is a python module. That's fine, it's not necessary in this case.

Ok

What next

From the sheet file, you are trying to import the num list from the pizza.py file, right? So you need to do a local import, as Jabba said. You are using python, so use the auto-complete tool to help.

at the top of the sheet.py file, add the line from .pizza import num

Since you are not defining the directory as a module, the . tells the python system to look in the current working directory

PyCharm will likely throw an error telling you 'local import outside of a package' which is expected

rather, throw a warning

You can also get a list of potential auto-complete hints at any time with CTRL+SPACE

Yeah I can an import error message after doing this

Red or yellow squiggles?

Red

Post error please.

that is expected! because you are trying to import something that doesn't have a package

So what should I do

My recommendation is do some reading on python modules, packages and imports - in the near term, you need to tell python that this directory is a package

you tell it that by adding an __init__.py file

Here's a blog article that you may find useful: https://alex.dzyoba.com/blog/python-import/

Ok thanks let me check it out

Do they mean this??

@pine jungle
...

better ?

hehehehe

whats the best mobile app for learning coding?

I like sololearn for syntax and some concepts, but it's better if you already know a language and you're just learning a new one IMO

I would not recommend using a mobile device for learning how to code.

Hi! Where is the best practice to save jwt token?

Guys does anyone know a library that I can use to read gmails in nodejs kinda like easyimap( flask library)

for sensitive data such as emails, i reallyyyyy recommend interacting with the api yourself as you never know what packages are going to be doing under the hood.

you can see how to interact with gmail in node here: https://developers.google.com/gmail/api/quickstart/nodejs

SoloLearn, especially if you are short with time

Time is key when learning a programming language.

I agree, but some of us have to learn "on the go"

Not everyone has time to sit down and go through documentation

True.

Thanks will take a look at it

Gave +1 Rep to @cursive orchid

I completed the responsive web design part of freecodecamp's course

What tools have you created from scratch that you found illustrative or useful? I’m looking for some coding project ideas.

d

Ahh yes "d" a very useful tool indeed

I am considering starting my own SIEM open source system. The reason is asset management is crucial in security and nobody does it right. Censys is bad, Lacework has some strange bots and parsers... Weird mess.

Oh, and I would like it to be open source, ofc. It should bring you enough knowledge about your assets and also how they relate to each other

Be careful not to bite off more than you can chew

Definitely challenging but I'm tired to have to start this from scratch every time

All companies need it, nobody open sources it, and we (professionals) keep doing it over and over

Or buying crappy solutions

What is an siem system?

https://lmgtfy.app/?q=Security+SIEM

Thanks

let's try to avoid LMGTFY, it comes off as condescending

Sorry, that wasn't the idea. 🙂

SIEM and asset management are really two separate activities - knowing which hdd is active and in use is a very different activity than event logs

Indeed, but definitely connected

If you want to cross reference, sure. But Security should have at best audit access to AM tools, AM is usually done by a group that isn't security. Usually on-site IT or help desk

I usually focus a lot on AppSec because, well, that's what I work on. So, managing these type of assets is not IT or helpdesk responsibility. Plus, a 3rd party, is worse if you have the budget and team to build a custom solution.

Ok, that's fair.

Can someone explain me pls the jmp (short, relative) instruction? I swear I read the answers in stack overflow and still don't get it

For x86/32-bit, this is a 2 byte instruction, where the first byte is always EB, for short jump, and the second byte is the number of bytes before or after the current instruction to jump.

I don't get how come JMP RIP-0x10 generates an infinite loop (Because supposedly it's always jumping back to itself.) Shouldn't it be just JMP RIP in that case?

RIP represents the NEXT instruction, IIRC

Sup people, need some tips about python. Running it on my kali vm , and cant run any scripts, says module not found… even though I have it installed. Maybe python is running from a different repository?

python2 is the default python interpreter on kali

pip usually points to py3 though, as py2 has not been supported for quite awhile

I see

When you install stuff, use python[x] -m pip install, then it'll install it for whatever python[x] is pointing to -> rather, it installs using whatever pip is associated with that version of python

Or assume its python3 like juun said, you can always check with pip --version tho

I have two processes in my program. I declared a queue globally. When i push some values to queue from process 1 then i can not get values in process 2 from the same queue. Is there a way to get access to the same queue in both the processes?

Language?

c++

I think it is not possible. I have to do it with IPC

Using shared memory, IPC
To allocate a shared segment of memory for both the processes, use any IPC to share data across one another
Shared memory would be good for definite size of data, I wonder if queue would work that way🤔

Yah queues are not working.

Thanks , i will check shared memory

Gave +1 Rep to @plucky helm

What is it that you are trying to implement?

I am working on my final project. Where we have to make different processes , need to share information between them, also have too implement multi-threading.

Ok, but what is the requirement of sharing a queue (a dynamic data structure) across the two processes?
Can't you process that data in a process and only share the results?

Shared memory and queue won't be easier to implement correctly
The queue may allocate outside of shared memory section causing memory leaks/errors😄

Actually, i have processes of like customer, manager, cook, waiter etc. Where i have to save the orders in sequence so that the cook can take the very next order in queue. But i can't use queues, as the info can not be shared with queues.

Do you know about client-server protocol?
There could be one server maintaining all of the data and then you got cook, waiter ... as __client__s
Yeah, you can use IPC to make different process listen for a message and perform its task and then perhaps respond back with some result(s) depending upon your use-case by making use of signals🙂

And there comes process synchronisation as well😄

Yah , I know client-sever architecture. But here our focus is only on operating system concepts like processes, threads, IPCs, Pipes etc.

Anyway thank you for the help. I will sort it out.

yah , this one i don't really like

This doesn't always work - on most distros, python2-pip is removed from the repo, so alternate means must be taken to even get py2 pip on the host.

Late to the party but it popped up when I opened chat, currently writing a wrapper for zip cracking in Rust, its been pretty interesting. In the near future Ill pivot to a rust based parser. I recently finished an alert feeder for The Hive incident response platforrm

I’m looking at some python code and I noticed that they imported everything from a module. Why not just import the module?

Instead of “import socket” they did “from socket import *”

Why would they do that 🤨

when you use import socket, you need to use this syntax to access functions of it : socket.name_of_the_function()
but when you use second one you can directly use name of the function to use it

Example

from math import *
cos(60)
-0.9524129804151563
-----------------------------------------------(I opened another cmd)
import math
cos(60)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NameError: name 'cos' is not defined

(you need to close and reopen a cmd to rebuild this example)

The latter is prone to name collisions.

This makes absolutely zero sense to me but thank you for the seemingly perfect explanation anyways!! 🙂

Gave +1 Rep to @haughty horizon

I am still just starting python I apologize

I mean, probably they didn't want to write socket. everytime they use those functions

but using import is better in my opinion as you can escape from name collisions as @solar hull stated

Oh so like the first example. You can say “cos(60)” instead of “math.cos(60)” ??

Something like that?

yeah

Oohh look at me guessing right. Thank you again 🙂

+rep @haughty horizon

Gave +1 Rep to @haughty horizon

wha

wanted to check and saw this sooo...

thank you

Gave +1 Rep to @tropic minnow

Yeah I saw this later on, on pypi the removal is also mentioned, I tried installing pip for python2 and its just not available, saw something about get-pip.py but didnt bother trying.. so python -m pip install is indeed pointless, unless your python is pointing to python3, oh well..

Is it still recommendable to use pip this way at all then? Or does it not matter anymore these days? <- Guess as long as you know what python the pip is associated with it doesnt matter, maybe if you're running different python3 versions, but you'd probably want to use pyenv/pipenv then anyways

Hey does here anyone uses vs code?

I am having some problems in debugging 🥲

Hello guys merry Christmas

I want to know how do you specify a alert message programmed in json to hydra when bruteforcing a login page

Looks like you'll need to learn how the login works first

What does Eulerian path mean at this photo ? Am I supposed to say to user that finding eul path is not possible or possible OR Am I supposed to find the eul path ?

Probably just take it however you want. Easy mode is saying whether there’s a euler path or not, more difficult mode would be actually finding it.

Yep, I was thinking the same thing

+rep @stoic badger

Gave +1 Rep to @stoic badger

Python, need to have a multiline input that the user can navigate. (Think nano/notepad) All the solutions I’ve seen so far are just “loop over input”, which would work fine if it weren’t for the fact that the user needs to be able to go back to the previous line.
Secondary question of how do I pre-fill the input() line. (Or in this case, the multiline input)

test = input(“Enter input here: “) for the second question?

Thanks, but also somehow need to make that multiline in a similar vein to the first one.

Wait, does the “Enter input here: “ part get taken into test?

No

Boo-wamp

It’s a function where the user has to edit the given text, so that’s kinda important.

I’m not sure if you can do what you’re trying to do with standard python

I’d have to be at my Pc to test because I can’t think off the too@of my head rn

Yeah honestly they're going to want a proper terminal lib

I should give up and use a GUI

But god I hate writing for qt

There’s some Simple GUI libraries but they’re eh and limited

If you’re trying to make a text editor I would@t reccomend python but it’s up to you

What would you recommend?

If you’re on Windows C++ ig?

I have attempted c++.
The horrors of trying OpenSSL remain.

Tbh c++ isn’t a bad Lang, it’s just that the libraries tend to hate me.

Probably C# gui in c++ is awful unless you use qt

There are other graphics libs you can use, other than Qt. Qt is sometimes convenient, but it also has a LOT of overhead and potential licensing issues.

Aye but c# is just there and ready to go

well java also has some weird ui things

Has anoyone heard of Sonic Pi or messed around with it at all?

Java Swing bad

Idk about Java FX since I’ve never used it, but still bad

I know burp and other tools use Java and other libraries, but C++ and C# are just generally better for making Windows things

and now people are affraid of logging things in java thanks to the log4j vuln

that time that AMI was so drunk they misspelled their own name

someone has 2 minutes to answer at a question about bash script ?

https://dontasktoask.com/

someone knows their way around php? I'm having a bit of a problem here.

I made a streaming site to do some private streaming. and now I wanted to add a chat function.

I want to use asynchronous requests to not have users reload the video player every time they want to POST something

first a user has to select a username. But the POST requests just don't have any data. I'm confused.

index.php

<html>
    <head>
        <script>window.HELP_IMPROVE_VIDEOJS = false;</script>
        <link href="https://unpkg.com/video.js/dist/video-js.min.css" rel="stylesheet">
        <script src="https://unpkg.com/video.js/dist/video.min.js"></script>
<?php // bootstrap ?>
        <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
    </head>
    <body>
        <div class="col-sm-12 col-md-8">
        <video
            id="player"
            class="video-js"
            controls
            preload="auto"
            data-setup='{}'
            width=800
            height=450
            autoplay>
            <source src="stream.m3u8" type="application/x-mpegURL"></source>
            <p class="vjs-no-js">
                To view this video please enable JavaScript, and consider upgrading to a web browser that
                <a href="https://videojs.com/html5-video-support/" target="_blank">
                    supports HTML5 video
                </a>
            </p>
        </video>
        </div>
        <div class="col-sm-12 col-md-4">
            <div id="chat">
                <?php include "chat.php"; ?>
            </div>
        </div>
    </body>
</html>

Do you know if we have a goto or skip in bash ?

chat.php

<script>
    function login() {
        var name = document.getElementById("username").value;
        var xmlhttp = new XMLHttpRequest();
        xmlhttp.onreadystatechange = function() {
            console.log("post complete");
            console.log(this);
            if (this.readyState == 4 && this.status == 200)
            {
                document.getElementById("chat").innerHTML = this.responseText;
            }
        };
        xmlhttp.open("POST", "chat.php", true);
        xmlhttp.send("username=" + name);
        return false;
    }
    function logout() {
    }
</script>

<?php
echo date('Ymd - H:i:s');
?>

<?php
// display login form
function loginForm() {
    echo '
    <div id="loginform">
    <form action="">
        <p>Please enter your name to continue:</p>
        <label for="username">Name:</label>
        <input type="text" name="username" id="username" onsubmit="return login();" />
        <input type="submit" name="enter" id="enter" value="Enter" onsubmit="return login();" />
    </form>
    </div>
    ';
}

// check post
if (isset ($_POST['username'])) {
    if ($_POST['username'])
    {
        $_SESSION['username'] = stripslashes(htmlspecialchars($_POST['username']));
        echo 'Username set ' . $_SESSION['username'];
    }
}

// if not selected username, display username select
// otherwise, display chat form
if (! isset($_SESSION['username']) OR $_SESSION['username'] == '') {
    loginForm();
} else {
    echo '<div class="col-sm-9">Hello <b>' . htmlspecialchars($_SESSION['username']) . '</b></div><div class="col-sm-3"><a href="#" onclick="return logout();">Logout</a></div>';
}
?>

@torn void skip? you mean continue?

hem, ^^, if i already have an address in a file, i want to skip a block of code and go to the start to test the next adress

well yes. continue jumps over the rest of a for or while loop and starts at the top again

aaah perfect ty ^^

I just checked with ZAP

the post request is fine, but for some reason the php code gives me nothing

POST https://falcoger.ddns.net/stream/chat.php HTTP/1.1
Host: falcoger.ddns.net
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Content-Type: text/plain;charset=UTF-8
Content-Length: 17
[...]

username=testUser

I var_dump($_POST) and get array(0) {}

nevermind. https://stackoverflow.com/questions/10221974/xmlhttprequest-sends-an-empty-post

Have you tried using fetch instead?

i think i solved it

well now my post gets through. but my $_SESSION variable gets reset whenever i refresh the page.

PHPSESSID remains the same though.

i var_dump it. just after I posted it's fine. when i refresh it's empty

i think i know what it might be. probably not sending cookies to chat.php

nope. it's sending the cookie

Hello everyone, is there such a thing like tryhackme but to learn software development?

youtube has lots of resources. there are also plenty of good books

w3school offers some

like php or javascript and python

also i solved my other problem as well. apparently session_start doesn't start a session but allows access to the session. which is bullshit. but php is a dumpsterfire anyway

I'm looking more for some kind of "follow a path" thing

With a ranking system and stuff

the resources I noted have that 'follow a path' thing, if you watch a playlist for example

i don't think ranking system for programming works out all that well. thm is essentially a puzzle solving site. if you want programming puzzles go with zachtronics games. but that's not really teaching you much in terms of real world coding.

anyhow. gonna write my chat in php now. maybe.

@harsh lodge "htmlspecialchars($_SESSION['username'])" <- only encodes double quotes and not single

@paper lily Please explain

I know this doesn't concern cyber-security programming but i need an help
if (int % 2 === 0) {}
I'm using this simple javascript iteration for knowing if whole a number is even or odd. But what if i would like to know if 5 single numbers are even in the whole number

Aren't there session_start(), session_* methods?

What do you mean by 5 single numbers?

For example, i got this two number: 222225, 222255.
I want to print only the ones who has 5 even digits, so in this case i want just 222225 printed

So you want to count the number of digits which are even in the given number, right?

Initialize a variable to keep the count
numberOfEvenDigits = 0

Loop over the number and get its last digit, at the ones place
digitAtOnesPlacs = number % 10

And then remove that last digit from the number
number = parseInt(number / 10)

Continue this loop till number > 0

And yeah, increment the count if this digit is even

@plucky helm thank you so much for helping

Gave +1 Rep to @plucky helm

    public void loadFigures(String fen){
        String[] strings = fen.split("");
        char[] chars = new char[64];
        int index = 1;
         while (index <= 64){
            System.out.println(index);
            switch (strings[index]) {
                case "R" -> chars[index] = 'R';
                case "r" -> chars[index] = 'r';
                case "N" -> chars[index] = 'N';
                case "n" -> chars[index] = 'n';
                case "B" -> chars[index] = 'B';
                case "b" -> chars[index] = 'b';
                case "Q" -> chars[index] = 'Q';
                case "q" -> chars[index] = 'q';
                case "K" -> chars[index] = 'K';
                case "k" -> chars[index] = 'k';
                case "8" -> index =+ 8;
                case "7" -> index =+ 7;
                case "6" -> index =+ 6;
                case "5" -> index =+ 5;
                case "4" -> index =+ 4;
                case "3" -> index =+ 3;
                case "2" -> index =+ 2;
                case "1" -> index =+ 1;
                case "/" -> index--;
            }
            index++;
        }
    }

Can someone tell me why this loop not ending

What's the index of the first element in an array?

0

What is your failure mode? What index are you using at the start? What is in that location of your array? Do you have handling for the case of the data in the location of that array?

I tried to change it to 0 but I hadn't helped

The index is staying by 2

Think about a case where the index stays the same. I can see one there.

You're incrementing the index at the end of the while block. But there are cases when that's not all that happens.

The index++ is out side of the switch
Should it not add the 1 in any case?

It does. But think about cases when index would not increment.

Case / the index should stay

Would it be that there's a / at index 2?

Oh

Also it gose to to / than stay there

Also it will stock at the first /

@solar hull tysm

You're welcome.

I removed that case but it did nothing else the index stays 2

Then consider running it in a debugger, or adding some more debug prints.

oh

what is the different between =+ and += ?

did changed it to += than it worked

😄 That's... something unexpected. += is an operator adding to the variable on the left side. =+ is the same as assigning a positive number to the variable.

=+ isn't really an operator, it's just = and +

oh ok but you also had right with the / case i am thinking now how to go to the next char without incrementing the index

that seems normal based on that code

Any resources you guys would recommend for learning C (beyond basic syntax)?

Actually

C++

do we need learn langage php html css ?

cppreference.com and make something

https://publications.gbdirect.co.uk//c_book/ , http://beej.us/guide/bgnet/html/index-wide.html

there is a beej guide to C: http://www.beej.us/guide/bgc/

oh yes beej, completely forgot

Does anyone know any good PHP learning resource

https://www.learnpython.org/
https://nodejs.dev/learn
https://learnxinyminutes.com/docs/go/

These r nice resources to learn python js and go but I am looking for a PHP resource
Thanks 😊

Gave +1 Rep to @cold cloak

As an (ex) php programmer I’d recommend those 3 as better languages. however if you insist on learning php then Sololearn + “PHP The Right way” should see you through

I used to use Laracasts a lot when I was a developer. Maybe this can help. https://laracasts.com/

Thanks

https://github.com/fer/thm-api

Quite a while ago, I learned to code in Pascal. Which language is the closest to that and popular? (I've seen some say C or some kind of variant of Pascal or Ada)

Honestly if you've learnt to code in one language, you know the basic constructs and how to think programmatically. I wouldn't limit yourself to something that's similar to pascal.

Would you say there is a preference which language to learn depending on red/blue position?

Python and powershell are good for both

Many thanks. Appreciated.

Gave +1 Rep to @onyx merlin

Web devs is there a way to automatically update WordPresss plugins ?

https://www.wpbeginner.com/plugins/how-to-enable-automatic-updates-for-wordpress-plugins/

appreciate it, thanks

Gave +1 Rep to @cold cloak

#!/usr/bin/python import socket ip = raw_input("Enter the ip: ") port = input("Enter the port: ") s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) if s.connect_ex((ip, port)): print "Port", port, "is closed" else: print "Port", port, "is open"

Actually I was reading the book penetration testing by Georgia . So it was a script from that . If it is in python2 , Can anybody help me converting it to python 3.

#blocks consider the following method, mystery2 :
public static void mystery2 (int[] a, int[] b) {
for(int i = 0; i<a.length; i++) {
a[i]= a[2* i& a.length] -b[3* i & b.length];

}
}

what are the values of the elements in array a1 after the following code executes?
int[] a1= {2,4,6,8,10,12,14,16};
int[] a2= {a,1,2,3,5,8,13,21};
mystery2(a1,a2);

hello guys how r u doin it's not a homework or smth but i wanna to n-learn and know how to solve it could you please help me?

Where did you get this problem from?

I believe only the print statements need to be modified, like
print(f"Port {port} is closed/open")
also, raw_input is simply input in python3 and port input should be int(input("Enter the port: "))

Looks like they’re using python2

`It presents a prompt to the user (the optional arg of raw_input([arg])), gets input from the user and returns the data input by the user in a string. See the docs for raw_input().

Example:

name = raw_input("What is your name? ")
print "Hello, %s." % name`

Hey I made a port scanner in python 3 it’s a little more compckisred

yes... thats... why..... I tried to convert it to python3

import sys
import socket
import threading
import time
from queue import Queue


print_lock = threading.Lock()

if len(sys.argv) != 3:
    print("Incorrect amount of arguements... exiting.")
    exit()

target = socket.gethostbyname(sys.argv[1])
workers = int(sys.argv[2])


def scan(port):
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        socket.setdefaulttimeout(1)
        result = s.connect_ex((target,port))

        if result == 0:
            with print_lock:
                print("Port {} is open".format(port))


def multithread():
    while True:
        port = task.get()
        scan(port)
        task.task_done()

task = Queue()

for x in range(workers):
    thread = threading.Thread(target=multithread)
    thread.daemon = True
    thread.start()

for port in range(1, 65535):
    task.put(port)

task.join()

Here's one that uses threading

Here's one that doesn't

import sys
import socket
from datetime import datetime

# Defining a target
if len(sys.argv) == 2:

    # translate hostname to IPv4
    target = socket.gethostbyname(sys.argv[1])
else:
    print("Invalid amount of Argument")


for port in range(1,65535):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    socket.setdefaulttimeout(1)

    # returns an error indicator
    result = s.connect_ex((target,port))
    if result ==0:
        print("Port {} is open".format(port))
    s.close()

import sys
import socket
from datetime imoprt datetime

ip = input("Enter IP: ")
port = input("Enter Port: ")

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
socket.setdefaulttimeout(1)

result = s.connect_ex((ip, port))

if result ==0:
  print("Port {} is open".format(port))
s.close()

Here's one that I quickly just wrote that uses user input directly from the terminal

You might want to use with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s: better pracitce than closing it at the end

@lilac holly Yes comptime is similar to constexpr or compile time macros

Gave +1 Rep to @hollow tangle

Yeah it's designed to allow flexibility

I'm not too familiar with zig though I've only had a few brushes with it and learned the basics of it

Thank-you so much for helping

imoprt

We doing python port scanners?

Hold my beer

https://github.com/Hydragyrum/py-port-scanner/blob/master/port_scan_v2.py

Should clean up the imports though

Are they really efficient/fast enough in real world scenarios though? It's the reason rustscan was made right?

Depends, works well enough

IRL you do not want fast

You want slow, steady, and unlikely to bring anything down -- which is why Nmap is still the industry standard despite things like Rustscan existing.

Yeah

Fast is good for CTFs or other situations where it doesn't matter if you hurt the infrastructure by accident, but if your superfast port scanner accidentally crashes the client's webserver then you could cost them millions.

Fast is good for ctfs and terrible for the real world

Makes sense since my interests are only in ctfs

is there anyway i can do this but not be passing $1 around everywhere such as lines 30, 31 and 35?

tcp() {
  nmap $1 -Pn -A -p 0-65535 -v -oN scans/nmap-scan--$1 -T 4
}

udp() {
  nmap $1 -Pn -sU -A -p 0-65535 -v -oN scans/nmap-scan--$1 -T 5
}

all() {
  tcp $1 # line 30
  udp $1 # line 31
}

if declare -f "$2" >/dev/null; then
  $2 $1 # line 35
else
  echo "Error: invalid function"
  exit
fi

you could try saving the argument value like ip = $1 maybe

okay i'll try that soon :)

Basically that

Had to do something like that in one of my scripts for work

🙂 tbh I saw your ping and thought well, let's see how I have f**ed up trying to help and got corrected,

Nah

So, I'm thinking about writing some basic tool/script(python), any ideas or suggestions?

# Ideas
- Port scanner
- Zip file cracker
- Banner grabber

Thanks 🙂

Gave +1 Rep to @vague egret

No prob!

Can combine a banner grabber with the port scanner

Hi! I'm currently on the python basic room and I don't get something
import datetime current_time = datetime.datetime.now() print(current_time)
Why it's datetime.datetime.now and not datetime.now ?

The method is only now right ?

It's a method on a datetime object from the datetime library

You could from datetime import datetime

oooh I get it thx

Then it'd be datetime.now()

any way to call the method by just now() ?

Off the top of my head, no

You need to reference the class that it’s in

thanks

There is an ugly way of doing it, but i won’t recommend using it 😄 import datetime now = datetime.datetime.now now()

Hey anyone can say how to bind the authorization token in GitHub copilot

And i am in the waiting list how much time it can take to enable my account

Hey @frigid ore make sure you verify

Dm the @narrow terrace bot and verify

can anyone tell me how to do a solution search with angr but limiting the length of the output?
I have a crackme file and it wants a password. I run angr with .explore(find=0xblah, avoid=0xbleh) and it dumps me a string of non printable characters that overflows the buffer. Putting that string into the program does indeed give me the desired answer, but smashes the stack, making it useless. I put another avoid address into the stash smashing detection, but it just doesn't... avoid it for whatever reason.

I tried using the solver, but it's a bit over my head. On top of it it seems like it expects you to know how long your target string is going to be. Do I need to run the solver in a loop to test out of the different lengths?

That is not something we (and by we I mean mods, because the rest of you shouldn't be enforcing anything in here) enforce 🙂

this is an error from suricata. Not sure where to ask this question so im sorry if this is not the right place to ask this

does anyone know what this means

Why don't you try asking this on official python server.

Thata doesn’t look like a general python issue, rather something to do with suricata.

https://stackoverflow.com/questions/70592864/aspnet-core-mvc-how-to-bind-a-list-of-a-group-of-inputs

can anyone help me?

it is my question

i finally got a good grasp on how to use angr, I think.
Code solves reverselfiles room crackme8, so consider this a spoiler, I guess. I did it manually but it was the first thing to come to mind when wanting something to use angr on.

#!/bin/python3

import angr
import claripy

p = angr.Project('crackme8')
argv1 = claripy.BVS("argv1",100*8)

st = p.factory.entry_state(args=[p.filename, argv1])

# how to add constraints
index = 0
for ch in argv1.chop(8):
    if index == 0:
        st.solver.add(ch == b'-')
    else:
        is_num          = st.solver.And(ch >= b"0", ch <= b"9")
        is_alpha_lower  = st.solver.And(ch >= b"a", ch <= b"z")
        is_alpha_upper  = st.solver.And(ch >= b"A", ch <= b"Z")
        is_zero         = st.solver.And(ch == b"\x00")        
        constraint      = st.solver.Or(is_num, is_zero, is_alpha_lower, is_alpha_upper)
        st.solver.add(constraint)
    index = index + 1

sm = p.factory.simulation_manager(st)

# find access granted
# avoid: usage with cli argument, access denied
sm.explore(find=0x08048502, avoid=[0x080484b3,0x080484eb])

solution = sm.found[0].solver.eval(argv1, cast_to=bytes)
solution = solution[:solution.find(b'\x00')]

print(f"solution:\n{repr(solution)}")

is there anyone here good at processing ?

its a java program

Just ask what you need help with and if someone can help, they will 🙂

I have used it, Processing3 🙂

really 😮 how good are you at it ? and can i DM you for help ?

I ain't good, just used it for a few years to create small games 😄
You may DM me

You'll get more answers if you post your question publicly - is this a homework assignment you are asking for help with?

perfect thats execatly what i need becuase what im trying to do is make a simple game so nothing complex

yep deadline 13

Splash or game over screen (draw does different things at different times)
 An ArrayList (or array) of attacker objects
 Animated sequence of images for the attacker objects (appears to climb, fly, etc)

Player can drop objects (attacker removed from game on collision)
 A 2nd type (class) of attacker objects that must be avoided by the player (collision
involves loss of life or game end)
 Class-inheritance for different attacker types (perhaps other classes)
 File handling – high score(s) saved and read from file

Array of PImages for animation sequence
 Exhibits some polymorphism with the array/arrayList of attackers

Your instructor should be the first person you ask - and asking us for help may be considered cheating or a violation of your schools honor code

ohh yea ok nevermind

but those things are what i want to do

and also they arnt much help becuase of covid 😦

so its kinda unfair

if this virus never existed then i most likely wodnt coming for help

but your right

dont want to risk

but do you know the quickest way on hos to learn all of this ?

Any advice we give you is very likely to show your instructor that you had outside help - because most of us who hang out in this channel have been programming for years and our thought processes and approaches are going to be very different than how a beginner approaches the same problem.

Practice it all

Hello World projects are a great way to learn how to use a new library

lol i had a feeling you was going to say that and yes that is true

and this is good for java ?

Its good for any programming language

The best thing is that IDE has Examples, see the File menu

oh nice

Learn how to use what it before trying to do anything complicated

IDE ? is that in processing ?

There's a reason that the hello world test project paradigm has stuck around for so long

IDE := Integrated Development Environment

yea true its all about the basics thats what i am doing i am a first year

ohh ok that i did not know - i am a noob

but is asking advice ok

so for example if i want to know how to do polymorphism ? what can i say to get help ? or where can i find help for that

i mean at the end of the day i cant really copy i will just have to break your code down into something i can understand thats basically what i will do

Your first step should be to read the course materials and references on it. Then ask the instructor.

thank you 😮

Gave +1 Rep to @magic falcon

Also fizzbuzz

Calculator is always popular, as is string reversal

Game of life is a slightly more complex kata that gets seen quite a bit

Text based adventure is a nice intro to string handling and control flow in teaching, IMO

also yeah

I had people doing a markov chain generator, that was fun

Hey y'all. I've been learning Python on codeacademy, but mainly because I know it will be beneficial to working in cyber. However, I sometimes get discouraged because I know I don't truly enjoy coding. Do you have any tips for sticking with it or otherwise? I find I am better at interpreting already written code vs writing code based on a problem or project.

Do coding challenges

Or recreate infosec tools that use python

It’s ok not to like coding. Unless you’re a programmer you probably won’t have to do a ton of it

dont:
program:
in:
${yaml}
when:
-youCareAbout("maintainbility")
-youWantToStay("productive")

xd

Yaml isn't a programming language

It doesn't want to be a markup language either

Tbh it's basically just json

question that could be stupid, but is there a way of converting all the python2 exploits to python3? I am using 2to3, however doesn't convert lots of things, parenthesis to wrap the print statement as first example. There are a lot of exploits written in python, and would take a fair amount of time to debug every script individually

how to do programming

i am new

pls help

Nope -- that's the problem with Python2 being officially EOL

So many exploits are still Python2 and there's no easy way to convert them all

that's such a broad question, you could try googling for some Java or Python intro\beginner level tutorial
or books, there's really a lot of stuff out there that can get you going

hi guys i know python what can i do with this knowledge?

Code.

In theory anything

i liked that one

no i mean in practical things or projects do you have any idea?

Literally anything. Discord bot, automate tasks, webscraping, file management, webhosting, etc.

do some YouTube search. there's a channel "techwithTim" he does a lot of how-to videos (some like 12 hours long), you can take some idea or inspirations

I have issues with the exploit 46635.py (from searchsploit), I converted it to 3, but when run it, it says:

UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf1 in position 933: invalid continuation byte

anyone know how to go around with this?

you'll probably need an explicit byte string (b"")

anyone no how to fix this

File "sublist3r.py", line 12
async def do_search(self):
^
SyntaxError: invalid syntax

What is the version of python you're using?

I suck at programming like completely

Any material out there that would help, I don't mind any programming language, I'm willing to learn

I was doing the ZTH web vulnerability room and the jwt 3rd step gave me issues like a lot

I followed the syntax yet I kept getting syntax error for at least an hour