#programming

is that a good solution?

it worked xd

the google search here would be python if item in list

i searched this, "how to check every item in a list python"

i founded the if ... in ....

thanks ninja ❤️

just wrote some art

    i = 0
    cos = math.cos(math.radians(angle))
    sin = math.sin(math.radians(angle))
    while (not max_dist or i < max_dist) and max_dist < max(game_map.shape):
        ny, nx = int(coords[0] + cos * (i+dist_offset)), int(coords[1] + sin * (i+dist_offset))
        if -1 in (ny, nx) or ny >= game_map.shape[0] or nx >= game_map.shape[1]:
            return 2, (int(coords[0] + cos * (i-1)), int(coords[1] + sin * (i-1)))  # Out of bounds
        elif game_map[ny, nx] == 0:
            return 3, (int(coords[0] + cos * i), int(coords[1] + sin * i))  # Wall
        i += 1
    return 4, (int(coords[0] + cos * i), int(coords[1] + sin * i))  # Free to go

it's the collision check for my rip off wii tanks game I'm coding to implement some ML into

for no reason at all

hardest part is yet to be implemented: the ricochet effect when a bullet hits a wall

That takes me back to my childhood.

hello, this is my first message in here. Does anyone in here ever had STATUS_INFO_LENGTH_MISMATCH while using NtSetInformationToken to set the token integrity? Im pretty sure i've had everything right but i always get that NTSTATUS 🥲. im using TOKEN_MANDATORY_LABEL as the data input, is that correct?

im using C# btw. and for the TokenInformationLength, i use Marshal.SizeOf to get the size of the TML

hmmm should use normal sizeof instead 😂

Use countof

never heard of that before

now i got a new error

InvalidSid

i use ConvertStringSidToSid

it doesnt return an error

nvm fixed it

Just use 180 - angle, or invert the angle across the normal vector to the plane

yeah

But I need to calculate the angle of the wall it bounces off as it can be upside, downside, left side, right side etc. with all different angles

so I'm probably gonna need to do some atan2 magic in addition to some point detection magic

should be able to use the velocity vector w/r to the normal

arg how can people enjoy coding with JavaScript?

I have two react components that refuse to talk to each other because one want require and the other wants imports.

and node is derping out

Based on discussions on this server earlier: because javascript is compact and does not require strict typing :p

yeah but I just want to get this presentation working with proper code syntax highlighting

I personally dislike JS

Some of the method / function names don't click etc

like function parseInt() and method .toString()

very persistent™️

i have a text file which looks like

user: jake
x
x
x
x
x
hash: fsdsdfdf
y
y
user: john
x
x
x
x
x
hash: gfdgfggg

i want to get this into the format: user:hash with bash but not having a good day

this gets me each "section" of a users details

grep "hash" file.log -B 6

and i thought i could use awk or xargs somehow in conjunction with that but no

awk 'length > 4' <file> should give output without those one-two word lines

one-two word lines?

x
x
x

these ones

ohhh those are actually other properties which i just emitted for this example

oh those are required?

then tr -d "\n"

should make it compact and delete new lines

Is that something like a crude parser for LDIF output? 😄

Grabbing uid and userPassword fields

You could use multiline regex to extract the capture groups as needed

If you want pure bash:

grep "\(user\|hash\)" hashes | cut -d " " -f 2 | sed 'N;s/\n/:/'

Provided that format is consistent throughout the file, that will grab it

On the off chance that there are other instances of "user" and "hash", use:

grep "\(user\|hash\): " hashes | cut -d " " -f 2 | sed 'N;s/\n/:/'

i did it in a fucky way in python but would have probably been useful if i just said this was lsadump::dcsync output

and wanting to associate SAM Username with Hash NTLM

I think @thorn finch has a nice webapp for Mimikatz parsing?

is it one that i can download locally? 👀

fawaz ain't nabbing my client data 😅

Its JavaScript

So it runs on the browser

Mimikatz.xyz

oooh cool that's nice

and stores it on fawaz server 👀

Hey, I'm reading up on a C# networking library and one of it's methods is: "Provides the underlying stream of data for network access" does this mean anything for someone? It's a library that's used for socket creation

Hi

It's the System.Net.Sockets library and I'm talking about the GetStream Method

trying to get an entry-level IT job and the hacking games seem like thwey would propel me forward fast.

shut yo ass up

how is that even relevant to this channel it's not even a question

@icy bobcat

What do you need to discuss about it?
Connect to a network, get its NetworkStream and read data from it; isn't that it?

What does "underlying stream of data" even mean

How does that relate to actual networking terminology?

Oi

your honor he was on that bull'

Don't be mean. First and last warning

while you're here 👀

would you happen to know anything about what I asked?

When you make a connection, you gotta send or receive or do both
So there is NetworkStream, you wrap it with the writer or reader classes to do what you want with the underlying data within that stream

underlying data being the data that's being sent or received?

Yeah

Be polite.

Fluff bonked them already, James

I got a 34 inch widescreen monitor and trying to use it as a peripheral monitor on the right kinda is challenging

hello

i am doing intro to django

and

i dont understand this oart

Articles and articles

i am getting errors after errors

Hi

hello

maybe it's the extra ' , ' you have at line 21

In c, i have an array that holds any amount of integers, so for example, the user inputs "5 3 8 6" and then the program sorts the numbers in the correct order making it "3 5 6 8". My next step is to add the values in between each element. So the program would do 3+4+5+6+7+8 and put the total into a variable. My question is, would I need to do an inner for loop like

      for int j =0;... ``` or what would be an efficient way of getting the sum? Hopefully my explanation makes sense. I was thinking creating two variables, one for the first element and another for the second then i would increment once i get the sum for those values.

for (int i = arr[0]; i < arr[-1]; i++) {
    sum += i;
}

^assuming arr[-1] returns the last element

What kind of values are being inserted in the second step?
Summing up and sorting doesn't make sense, as you could sum the values in any order

If you are filling the initial array of values with every integer in between after sorting, and then finding the sum of those values
Then you could just find it as -

=> Σ(max) - Σ(min - 1)
=> (max - min + 1) / 2 * (2 * min + (max - min))

I've made a telegram bot which reads the data of an image and keeps it in a variable until someone requests it. I've noticed that the bot after like 1-2 hours forgets the data of the image and the variable becomes null or empty(not sure). Is there like a time limit for how long it's gonna keep the memory?

It errors out when I run the command to request that image. Last line of the error reads:
telegram.error.BadRequest: File must be non-empty

lmao i was over thinking this completely, that makes sense ty. And i have a variable which holds the value of the last element

I was thinking like do the first and second element, then increment each position

Ahhh okay

I think we need more info. Can you show your code?

did you try only rel="icon" and not rel="shortcut icon"? is it in the <head> of the html? is the portrait.png a regular <img>-tag?

in C what happens to the functions that are not called in the main ? Are they executed or not?

If I wrote something like

#include <stdio.h>
int foo(){
  printf("This is the foo function!\n");
  return 0;
}

int main(){
  printf("This is the main function!\n");
  return 0;
}

Only the main function would execute. However, the foo function and everything it does still exists in the memory space of the process, it's just not being called at all (someone please correct me if I'm wrong).

So simple answer: No they don't get executed

but given certain circumstances, unchecked user input could get it to execute

big thanks !

Gave +1 Rep to @stoic badger

Exception being things like libraries that have their own functions that get called when loaded, I can't remember the Windows or Linux function names though

ok !

this is true

For linux you can mark a function with __attribute__((constructor)) and it will get executed whenever the library is loaded like

__attribute__((constructor))
void foo() {
  printf("Hello World!\n");
}

Windows has DllMain

#include <Windows.h>
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved) {
  switch (fdwReason) {
  case DLL_PROCESS_ATTACH:
    printf("Hello World!\n");
    break;
  case DLL_THREAD_ATTACH:
    break;
  case DLL_THREAD_DETACH:
    break;
  case DLL_PROCESS_DETACH:
    break;
  }
  return TRUE;
}

It's a pretty handy feature when developing libraries

Mistakes which a programmer should be aware of and work on them

https://twitter.com/_swanandx/status/1493436535416696837

how to do this operation in x86 Assembly
rax = rdi modulo 256
I tried this but I dont know what am i doing wrong
0x400000: mov eax, edi

Why don't you use and eax, 0xff?

value % 256 => value & 0xff

actually i am new to x86 i really dont understand the meaning of modulo 256

The modulo is % (get the remainder)
314 % 10 => 4

i get what modulo does mathematically

but when is was searching for what does this operation mean in x86 it was said it is equivalent to moving last 8 bits of the number

Yeah, value % 256 gets the remainder when dividing with 256 (2⁸)
Which is equivalent to keeping the last 8 bits (256 => 2⁸)

f yes why i didnt think that way

value := 312
0000000100111000 (16 bits)

% 256 => keep last 8 bits
& with 0000000011111111 (255 or 0xff)
  0000000100111000
& 0000000011111111
= 0000000000111000

why is and used?

i get the operation you did in example

it is redundant

i think

Yeah, just updated it😅

You get that part of keepingthe last 8 bits?

yes

With value & 0xff you are keeping the 8 bits using 0xff (255) as the mask

It is 11111111

0000000000001001 & 0000000011111111 = 0000000000001001 https://www.rapidtables.com/calc/math/binary-calculator.html

i tried it here

Oops, I forgot to update the latter value🤦‍♂️

oh

Hey, while debugging same binary on my Kali vm and on my Ubuntu vm, I got same address values withis the registers...

Why is that we are debugging in 2 different machines => diff. Workspace => value should be different right??

Then why am I getting the same address??

Provided, ASLR is disabled!

Any form of help would be very much appreciated....👌

In Java, how to store object of no-arg constructor in ArrayList if I am using Collections.synchronizedList(new ArrayList<Integer>)?

I’m not sure I understood what you’re trying to do.

Create an empty synchronized list?

1st of all, keep in mind that I am a n00b in programming.
Here, I am creating one ArrayList object capable of storing objects of 2 classes.

I haven't done any dedicate course of java so just googling things up

I found that synchronizedList() is the way to do so

Collections.synchronizedList wraps an existing list and makes the list synchronized. It has nothing to do with the types the backing list accepts.

The backing list is the actual container for the values. And in your line, the list is typed to contain Integer objects.

backing list?

see I want one ArrayList object to store objects of 2 classes

Yes. The one that actually stores the data.

Are the two classes related, and have a common super class?

yes an abstract class

Then you should likely create the backing list typed with that abstract class

Now the ArrayList creation refers to Integer.

should I give you a bit more context, asking just in case you aren't already engaged somewhere else rn

You can provide context here.

any DEVS here?Need a quick help

Just ask your question

Error.
An error occurred while processing your request.
Request ID: |a49c44ff-4708fb6047f3bfd4.

Development Mode
Swapping to the Development environment displays detailed information about the error that occurred.

The Development environment shouldn't be enabled for deployed applications. It can result in displaying sensitive information from exceptions to end users. For local debugging, enable the Development environment by setting the ASPNETCORE_ENVIRONMENT environment variable to Development and restarting the app.

i was getting this after deploying my website

deployed to production or to dev environment?>

you should never enable debugging on a public facing anything

i can access the other pages but can't access only one page

production

but in my local host i can access every pages well

What are the config differences between prod and dev?

prod means deploying to the customers and dev evn is the enviroment development by the dev

What I'm telling you is to investigate those differences.

i have not much idea about this

Because if it works locally, there is some config or permission that differs from production.

Can you even talk about this publicly? I would imagine your NDA may not allow it.

i was just building it for my project for my end term

well i'll say yes as it's just a simple project website for beginners like me

If this is going to be graded or assessed as part of a course, your first person to ask should be your instructor

ya you are right...But our teacher didn't even teach about ASP.NET well and he was teaching us on 2015 version of visual studio.so we got confused when we use 2019 or 2022rc

besides due to the lockdown,it was all in vain..

i just learnt some few from youtube mainly from freecodecamp

And then they are doing business for the project as an advantage..it was like they collects some money around 70 USD from the students who cannot do their projects and then they built it for those students..it's really bad here

I'm currently trying to decrypt a string using bruteforcing a key. How can I implement whether the returned string is succesful or not? I assume only method is to check whether its human readable (ascii), but how can this be done?

Unless you know what the file or string is, you really can't. That's part of the trouble.

Ascii readable chars fit a certain range so that's doable though

Well, readable printable

i know the decrypted string only contains lowercase/ uppercase characters and digits

No special characters

Then you can write a function to check the contents of a string and return true or false, right?

Yeah indeed, think thats the best option :)

thanks!

Hello, I've got a question what's the difference between

diff $(echo $var1) $(echo $var2) 

Or doing

diff <(echo $var1) <(echo $var2)
```?

https://www.gnu.org/savannah-checkouts/gnu/bash/manual/bash.html#Command-Substitution

Hi guys, anybody used SpaceVim as IDE? And, if is possible to supports multiples programming languages.

Haven't used it but i think it should definitely support support multiple programming languages

It's vim afterall

I maybe wrong, but there is neovim which is being developed
And Lunarvim to configure it which I think is better than Spacevim
https://lunarvim.org

in my python code why it is showing 'code is unreachable pylace'>?😕

@silver kindle what are you needing help with?

if I had pic perms I would've showed you 😭

Enter the number of integers:5
1
Enter an integer:5
Enter an integer:12
Enter an integer:14
Enter an integer:20
Enter an integer:25
YES: input is sorted

Enter the number of integers:2
Enter an integer:10
Enter an integer:2
NO: input is not sorted

I gotta make the program like this

I just need guidance in that because I'm a little confused on how I can make the "Yes: input is sorted" at the end

or No: input is noot sorted

!docs verify

Then you can send pics

yeah imma need some pics cuz im not understanding

@clear lodge do u mind if we move to medium study room once?

Sry papa its 1 AM for me hehe

hol'up

one sec

do u mind if i can DM u?

You may but I will look at it after sleep :)

@somber trail sorry for the ping

does it show?

now?

what is part a?

i dont understand what your sorting by

Part a I did it I'll show you

i hate to tell you but thi sis a little above my head :c im sorry

So sorted means low to higher integers?

"nondecreasing order"

so yes if its increasing? idk it confuses me

Yes you got that correct

thanks lots

Gave +1 Rep to @clear lodge

I dont think I really helped whaha

But do you know what to do now?

I'm asking sum peeps out with some help, I just need someone to just tell me how I can write that they're sorted and how they're not sorted 😭

Just for the record, we don't generally help with homework assignments here :)

oH

@brazen eagle No worries man 😌

(Mostly because that would technically be cheating)

Also you don't technically need to actually sort the input

I need a learned pentester to tell me which place to go to learn python

Complete noob here*

Are you wanting to learn python strictly for pentesting?

That's not a good reason to learn python. Python is such a small piece of pentesting.

If you want to learn python, the no starch press books are all pretty good.

Yes, and also for automation and building programs etc

Whatever i can do with python i want to do it lol

Juun gave you a good source of learning it.

@magic falcon I just had a programming test and found myself just starting to write code and trying to make it work. taking a step back and programming FOR the objectives made it infinitely easier. simple thing but very effective. It can be so easy to just fall into a rabbit hole of trying something until it works when it's not even what you need.

Having some objective is usually a good idea

Hey I just got a question, which language and framework would you recommend for coding a website backend?

https://www.geeksforgeeks.org/top-7-programming-languages-for-backend-web-development/

I use Python Flask by preference, personally 🤷‍♂️

100% depends on the intended use of the webservice and projected lifespan and needed controls.

If it's a thing that I need to maintain for years, I would pick a framework that has a lot of security controls met out of the box without a lot of fiddling. If it's just so i can show something off in a short lifespan, I would probably pick something that doesn't require as much time investment to get 'right'

Not sure if this goes under programming but in bash, is there a way I can use the "find" command to show the full path of the file im searching for, rather than starting from where I use in the command? Like:
find ~+ ../Folder1 -name "*.txt" 2>/dev/null gives me the full path and ../Folder1/file,txt. Hopefully this makes sense.

with the last line of lst how do I take specific input from lst and replace specific characters from display

#Step 2
import random
word_list = ["aardvark", "baboon", "camel"]
chosen_word = random.choice(word_list)

#Testing code
print(f'Pssst, the solution is {chosen_word}.')

#TODO-1: - Create an empty List called display.
#For each letter in the chosen_word, add a "_" to 'display'.
#So if the chosen_word was "apple", display should be ["_", "_", "_", "_", "_"] with 5 "_" representing each letter to guess.

guess = input('Guess a letter:').lower()

display = ['_' for i in chosen_word]

string = ''.join(display)





#TODO-2: - Loop through each position in the chosen_word;
#If the letter at that position matches 'guess' then reveal that letter in the display at that position.
#e.g. If the user guessed "p" and the chosen word was "apple", then display should be ["_", "p", "p", "_", "_"].
lst =[ i  for i in chosen_word if i == guess]

I think you should read up about lists and indexes

alright

Totally depends on what you need, and what you know.

I would like to make a portfolio website

Then you probably just need a static site

But I would like that they can make an account on the website and do some stuff on it, It will be a little bit more than just showing myself and work

also a appointment system

and so on

anyone suggest me where to start programing for penetration tester

black hat python or black hat go are great books to start with.

But, if you are learning programming specifically for pentest, that's such a small part of the job you would be better served by having a much broader set of topics

True, then a WordPress type thing is enough

but idk wordpress has too many "security breaches"

most wordpress breaches are caused by bad plugin configs.

This, the core product isn't that bad

Muiri uses wp

Although I probably wouldn't if I was starting again now 🤷‍♂️
I set my blog up when I was just getting into security -- my dev and sysadministration knowledge was... limited

I think taking a look at the CVE (cvedetails) page for Wordpress should tell you enough.

You got a pretty good idea on how not to do it from these rooms

so structs in C are like classes in python?

or are they different?

@inland badger no not really

structs in c are meant just to store data

whereas python's classes both store data and have functions attached to them

Structs are effectively combined data types -- a way of pulling multiple pieces of data together.

C lacks OOP

ah, thanks!

Classes are a different concept all together

okay!!

c++ has OOP right?

Mhm

right!

A C++ class is like a python class, although they are still different to use. Same idea though.

okay!

thanks!

you can kinda do oop in C, but that just is making functions attached to a certain struct
kinda like you separated the data storing portion of a class and put the functions from it next to it but not necessarily attached to it

are there any disadvantages to it?

It's hacky as hell 😆

ah

kay

^
don't think there are disadvantages per se, but depending on the project it may or may not result in messier code

okay thanks!!

It's not how structs are meant to be used, but it works.
It's just messy. Basically involves stuffing pointers to functions into the struct and calling them that way.

so the c++ implementation is "better", right?

C++ is designed to use OOP concepts, so, yes, infinitely so

okay!

I mean you're storing function pointers in both cases anyways, just one is more hidden

Is it ok not to learn c++ after knowing C# when it comes to ASP.NET web development framework?

you can learn whatever you want in whatever order you want 🙂

You can do OOP in C - it gets pretty funky though, as your 'data' in the structs is void pointers to function names. Encapsulation is done through a trickery by having different header files for the public, protected and private interfaces.

Python also doesn't really do OOP, as the private and protected interfaces are only recognized by convention and not by the language itself.

hi, i wanted to ask if i should get familiar with and rely on it or just write my own stuff i think the second is the best but im still contradicted. Should i just do both?

familiar with metaspliot* sorry

Honestly, Metasploit doesn't take that much to get familiar with it.
Completing Blue, Ice & the Metasploit room on TryHackMe are more than enough to understand the fundamentals.

I'd recommend not relying on it but knowing how to use it has a great benefit.

i see thank you yes i understood that

For a bit of a challenge and fun I decided to make a script that will nuke my reports, scripts etc. Automatically and then self destructs the script

Since it will be my last day at my current job soon

is this powershell or something else?

This is Batch

I assume, as in windows batch file?

Yes that's right

nice, don't see a lot of those normally

Thank you, Windows is my daily driver and I'm more proficient at Batch than powershell to be honest. I tend to use powershell for creating Windows VPN profile import scripts

Gave +1 Rep to @tropic minnow

I think we can all agree that encapsulation is a joke and is never done properly?

I have a small question for this channel 🙂
In my course, we always put the following in each mini-script (Python)

if __name__ == "__main__":
        main()

I guess I understand what it does but would just like to understand a bit better if that makes sense? Thanks in advance

It's to make sure that the main function doesn't run when you import the file in another file

Thanks Szy

Gave +1 Rep to @faint sparrow

how much you get paid at your current job?

Not enough

i'm looking to pursue computer science but i'm extremely weak at math literally can't understand maths, should i or can i do it? bro

I am horrible at maths, also did not go to university. My opinion on university would be biased, I felt it was a waste of time for me as I wanted to start getting work experience right out of college

You need to ask yourself why you would consider computer science and what kind of job you'd like to have, if you require that university degree then go for it by all means

Appreciate bro.

I want to be an front end developer and gonna have a decent job.. could you guide me? What steps should i take and how should i start my journey

University might be a good step for you. I have a friend who is doing his masters right now who wants to be a developer. I wouldn't be the right person to guide you unfortunately, I am not a developer nor interested in becoming one. I would suggest following some people on LinkedIn, finding a good mentor would be amazing for you as they could help guide you

this is cool

Appreciate your time, and it was nice to talk to you sir. Thank you 😊

Gave +1 Rep to @wraith latch

Hey not a problem, good luck out there

🤟

It's possible, but I've only seen it since in a sane way once

properties are the way

not fields?

field-backed properties?

well tbh accessors and mutators are stupid if you want to go OO zealot

i could see that.

a class should be exposing behaviours, not state

any python modules that will create derivations of strings? e.g., report2019 would produce report2018, report2019, report2020 ...

burp's content discovery does it

TBH that's a rather simple algorithmic exercise.

for that example yeah

Is anyone participating in google hashcode this year?

Kickstart

https://cdn.discordapp.com/emojis/658067905870561282.png?v=1&size=64

Yup

Have you tried one pizza yet

the practice problem? not yet

I think it is true that no one cares about practice problem after all

*sigh

have some ideas, probably not very optimal though

what's your idea?

mine is just bruteforcing for 41 seconds

brute forcing but intelligently

But probably just avoid the most hated ingredients

This might be a dumb question but is becoming a software developer the best way to become good at programming?

IMO that's putting the cart before the horse, you need to be a good programmer before getting a dev job.

I'm not particularly interested in dev jobs, just getting comfortable writing programs/scripts necessary for security

So don't become a software developer if you don't want to be a software developer?

Sorry I think this must be one of those don't ask to ask situations

the interviewer process for a dev role usually has technical and practical tests to judge your programming knowledge and ability. Best way to learn the basics is to write a bunch of code, and ramp up the complexity of your projects to push the boundaries of your knowledge and ability.

don't need to be a dev for that, maybe know some of the basic principles though

I am currently in commerce stream. Is there any possibility that i could learn and join Ethical hacking or cyber security

Aaaaaaaaah hashcode is hard this year

Hashcode is just a big event to build pressures among the mind of coders

Not worth it if u arent very skilled such that google calls u for interview

Big disagree. Having hard problems to work on helps programmers to develop the problem solving idioms we rely on to produce quality solutions.

Yeah it was a tricky problem this year

Scoreboard froze us at 1017th

But it's usually fun challenges

My god I had no idea what to do

Is the solution getting as much level ups as possible?

I am mentally damaged after hashcode

Haha

We manage to get about 1.8 million points

That was with a pretty dumb algorithm

I don't think there's one good solution here, its an optimization problem, and a complex one at that

They usually open up a practice mode afterwards

We couldn’t finish it in time

And were stuck on writing a dum algorithm

Lol

We found the dumbest solution possible, threw it on all the files and submitted those to get some points, then worked on optimizing

Got us maybe 40% of the way there in about 40 minutes

Well 80% of our final score anyways

Did you use any objects

Sure

Had a collaborator object, a project object, a skill object

We spent an hr and half writing inputs

Reading the inputs is a basic parsing job, took us half an hour to get all that set up

And outputs as well

We had contributor object that holds every contributor details

Contributor had a name and a list of skills

Project had the project details and a list of roles (also the skill object)

And I ended up writing a super long if statement

Ha

That i dont even know what I was writing

That happens

We took a bit of time to diagram everything out

We tried using intelligent bruteforce to this

But didnt know what to bruteforce lol

Mentorship made this problem so hard

We mostly ignored the mentorship angle

That was a 10% issue

IMO those that got 33 on the example are the ones who got level ups working properly

In my opinion, there were 3 major stages: prioritise the projects to do first, work out the level ups, then try to figure out the mentoring

We got a good chunk of points when we prioritized high scoring projects that could be done quickly

We got another couple hundred k when we deprioritized collaborators recently put on projects

Those were quick wins though, we spend the remainder failing to get a decent algorithm afterwards

Though I think I solved my level up issue

20 seconds after close

I think im still going to try figuring it out

Do you think its okay to prioritize mentoring first and level ups?

Since only one person can mentor several people at a time

Does anyone know a thing or two about Mac OS through virtual box?

It's against their terms of service and licensing, effectively software piracy unless it's on Apple hardware. Please don't discuss it here.

SELECT (select sum(Total_Amount) from sale where Party_name='Restaurant') - (select sum(Amount_Recevied) from cash_book where Party_Name='Restaurant') as money_left ; there is a mysql command to get a money_left of a single party name BUT WHAT will be the command if i want money_left with party_name from all party exist in the table.

Not sure I follow what you're looking for. Example gets a sum of sales of party x, and subtracts the sum of received money from party x right?
And you are looking for sum of all money received minus sum of sales of party x or smth else?

I just debugged the code that wasn't working last night and scored 3 289 254 points in practice mode

Thats truly impressive

Ive been trying to figure it out around 2 more hrs after close and ended up getting stuck in an infinite loop 💀

yeah I had some of those

can probably scratch out a few more points by getting the mentoring bits implemented

My program keeps running into the situation where no contributors can work on remaining projects due to their level requirements

Did you guys have to prioritize some certain contributors to level up?

not really, could be a good idea though to try to match exactly as close as possible then fan out

a lot of points can be gained just by tracking the contributors properly

our first guess didn't worry about levelups or anything, just put as many people on the projects as possible

I would like to show the problem through screen share so that it will be more clear plz tell me when u r free

Best explanation ever

IM ACTUALLY BUILDING A PROJECT OF SOMETHING WHICH USES A COMBOBOX AND I NEED TO EXTRACT DATA FROM MYSQL AND PRESENT IT IN COMBO BOX AND I NEED TO PLAY A VIDEO WHEN A COMMAND BUTTON CLICK HAPPENS , THESE ARE THE TWO THINGS I NEED HELP WITH IS ANYONE HAS SOME SPARETIME?

Sorry are the all caps really necessary?

are u working in netbeans n mysql project

Can anyone here help me with some python home work?

We don't generally help with homework

What if I frame the questions to exclude references to homework?

@eager gulch .. Thaw your chickens out a day early.

thats what my friends always did

Is asking about something related to the python in my MSc okay if it's just more of a 'why isn't this working and can I learn?'

I can also send it to the tutor but I think it might be minor.

Nevermind, wasn't reading very well 😄

homework questions still have a certain style to them. I.E. We'll know

In a room with ssti, I wondered why the "location" of popen class object changed after a reset, shouldn't it be the same every time considering, python loads it's objects from a library or something?

Is bash scripting good for hacking? Just curious.

you can automate some manual tasks with it

If you can understand bash really well, it would probably benefit you a lot on the terminal

Especially when you don’t have access to other languages that you’re more familiar with

Couldn’t say from experience but I don’t know how many exploits are actually built from C++, I believe metasploit is mainly Ruby and Python iirc

And C

Although metasploit isn’t primarily a privesc tool^

True

Hi,

How are you today?

I am subscribed to tryhackme.com my username is osama.faheem.

I am currently enrolled in a Bachelor of Information Technology (Honours) programme and must complete a research paper. Machine learning for cloud security is the subject of my presentation.

The issue is that I have a presentation in front of a panel of professors in less than a week.
The objective is to develop a neural network-based application to analyse Cloud-based Fraudulent Resource Consumption (FRC) attacks.

I need to replicate the FRC attack by running a script that launches an attack against a cloud-based asset with a specified budget and can output some numbers indicating the attack's intensity. As a result, the attack's effect is that resource consumption becomes a jumble of numbers. For instance, the script can perform Fraudulent Resource Consumption (FRC) and inform us how many resources were affected by the FRC attack.

Then, another script captures and infers that data indicates an actual attack, implying the detection phase. This requires the use of a neural network-based script such as Support Vector.

That is now the assistance I require.

• Is it possible can I use tryhackme virtual machines to perform the attack and show it, my professors, how FRC works?

• Is there anywhere on the internet to obtain these three scripts that combine to perform Fraudulent Resource Consumption (FRC) attacks in the Cloud, detect and block the attack, and then inform us of the number of resources consumed? We are required to utilise Support Vector machines.

I would be highly appreciative if you could assist me with this practical presentation.

Many thanks and regards,

Osama Faheem

So you need it complete in less than a week and you have not got a plan for demoing?

No I have a week left

And you don't have a plan?

how long have you known you have this presentation to do

Have you developed your neural network based application to analyse FRC attacks?

I got this information last Thursday

Hello friend
Hope you all are doing great

Uhh that timing seems suspect to me

Very sus

What's the actual error? One the debug tools and the network tab

Perhaps a silly question, but why do you want the download link to open another tab?

I can't see why this wouldn't work though

It must be a permissions issue

I'm pretty sure people and organizations still use it. I think you need to start checking the permissions the user has got that's running apache, it could be that this user is not able to access the file. Alternatively you may have a misconfiguration in apache preventing this from being accessed.

I hope you may find this resource usefull for troubleshooting steps https://www.cyberciti.biz/faq/apache-403-forbidden-error-and-solution/

Apache is used all the time. It ain't old at all.

It's actively used and maintained. Alongside Nginx and IIS, you've probably got the three most populat webservers

Gave +1 Rep to @onyx merlin

Exclude all the CDN ones and you've got apache, nginx, and IIS

Good luck!

Dunno if it's been mentioned here, but there's a ton of coding books on humblebundle for cheap https://www.humblebundle.com/books/joy-coding-no-starch-press-books

https://twitter.com/saviomartin7/status/1498612113446944768

I am trying to make a python script that simply runs a bash command which I am trying to stop after certain number of lines is reached any ideas of how to approach that?

for example I want the bash script to output

1
2
3

to a file
then stop the bash script

well, you would need a loop

But, why python? Why not just do it in Bash

I am just more familiar with python is all, the script is just a subdomain enumeration script so I want it to only print out the first 100 subdomains to prevent infinite loops, but that would require multithreading I guess?

If you really want to use bash from python, you can look into the os Module but it'd be inefficient imo

any better ways of doing it? I don't mind doing it fully in bash

Well, you need some module to interact with bash and run commands, and os module is the most common/documented iirc

do you get an error message?

what's the exact message?

+FollowSymLinks?👀

As pointed out here, all Options must start with + or -, ...

hey guys

just a small help

like for the past 2 days ive been getting issue using python setup.py install method

its says setuptools and easy install are deprecated

can someone explain me about the use of setuptool,wheel and egg on python

and it turned out to be i should be installing using pip install from the git folder

what does it say now?

Did you check whether the user running httpd had got permissions to that file?

Just remember that everything you do on apache, is ran as that user

Something similar like this one for ethical hacking?

They regularly do release security focussed bundles. There aren't any on at the moment.

Same publisher

They were referring to the programming bundle I linked earlier

I'm aware - it looked like they were asking for ethical hacking bundles?

Asking if it was similar to the ethical hacking bundle I thought

But maybe upon second reading

Don't think it's wise to run that as sudo

Are you not running it as a service as apache typically does?

That's not running as root, that's running as a service. Usually as apache or whatever

Oh dear

Yeah that's just running the service, which as James mentioned, is not necessarily, and should not be, running as root

Do you have a .htaccess file blocking the file or something?

401 generally means you need some form of authentication

And/or authorization

https://httpd.apache.org/docs/2.4/howto/htaccess.html

Has anyone every had an "SSL: CERTIFICATE_VERIFY_FAILED] certificate verify has failed: certificate expired.

And been able to fix it? (This isn't my problem, it's a college peer)

Is their certificate actually expired?

No, everything is up to date.

Did they check the certificate though? The valid from and valid to?

He'd get that in his settings of his browser?

(overleaf is just what I have open rn, doesn't really matter. Steps are for chrome.

Got ya

It's most likely that the valid to date has passed so whatever it is needs to generate a new cert

🙂 thanks.

Hey all, bit new to unit testing. Working with jest and I'm trying to exclude a directory with testPathIgnorePatterns. However, when I look at the coverage report I see the directory is still in the report. I'm kind of assuming that means it isn't being ignored, is that a correct assumption?

unfamiliar with that particular tool - i'll take a look at jest this evening

is that a JS thing?

haha yes it is

🤮 I'll take a look anyway, because it's you asking

you're too kind. If I figure it out before that time I will report back so you don't have to 😉 hahaha

so i had two minutes to look up that testPathIgnorePatterns thing - it's likely that either your regex isn't tuned correctly enough. can you throw up an example project to verify behavior?

I think I got it, looked into the jest configuration where I noticed that testPathIgnore and coveragePathIgnore were 2 different things. It should be all good now

thank you for the effort!

https://youtu.be/Uo3cL4nrGOk

have you seen this?

'such a messy language. I love it'

I feel like it's going to erode what is left of my soul..... the Destroy All Software JS talk is the best

https://www.destroyallsoftware.com/talks/wat

hahah, nice video

audience losing their shit in there, haha

just remember, addition operators in JS aren't commutative 🙂

so nothing JS does with an operator is math!

https://tenor.com/view/batman-gif-10091619

I feel like watman needs to be a THM emoji

So I'm not programmer by any stretch of the imagination right, but I'm trying to comprehend two things in Python:

1. How do I correctly define a function?
2. How can I incorporate argparser within said function?

I'm trying to build a URL unshortener (I know there are some API's for this, I'm going at it manually because these services do not always give a HTTP 301 response with location header, a lot of them do it in JS apparently)

The idea is to do a HEAD request on a argparse argument (URL that the user gives the script) to see whether there's a redirect response and to search for a location header. At this point I disallow redirects and want it to be set to allowed in case there are multiple redirects.

I think it'd be neater and more efficient to have this inside of a function, but I'm not sure what else I need to add because as soon as I add: def Functionname() the whole thing breaks, so I suspect I need to add something within the ().

My code so far is this:

import requests
import argparse

parser = argparse.ArgumentParser(prog="Unshorten",description="Did you get a shortened URL that you don't trust? This tool will unshorten it for you so that you can see where it actually leads to.")
parser.add_argument("-U",
help="Enter a shortened URL to examine. (E.G: shorturl.at/lAFRY should lead back to my Github repo)",
required=True)
parser.add_argument("-V",
help="Verbose output")

args = parser.parse_args()
Short_url = args.U
verbose = args.V


try:
   r = requests.head(Short_url, allow_redirects=False)
   print (r.status_code)
   if r.status_code//100 == 3:
       print (f"Status code:{r.status_code} \nRedirected to:{r.headers['Location']}")
       allow_redirects=True

       if r.status_code//100 == 2:
           print (f"Final destination: {r.url}")

except:
   print (f"Nothing was redirected")```

I'm pretty sure my nested if statements are wrong as well

If a user gives the argument -u I just want it to display the final destination. If you add -v I want it to show every URL it gets redirected to

plz check my question here https://stackoverflow.com/questions/71340760/how-to-get-mysql-data-using-jdatechooser-upon-choosing-date-to-jtextfield-in-net

What's the runtime error you're getting, is it "unexpected token void" by any chance?

I think you have a slight syntax error, GetOs() should be getOS() I think, other than that no clue as this is not really my thing

you need a colon after the def iirc

Try putting your code into a syntax checker such as https://jshint.com/

def fn():

Yes you're right, apologies I wrote the pseudo code a bit too fast. Even then it's still broken, I think I need to add something inside of the ()

if it's in a class you need the self keyword

I've not created a class within the code

do I need a class for a function?

not that I know of

() alone should work

that's what I had thought too 😦

i have already declared it no error related to that

though anything created in the scope of that function will be lost unless returned

functions and classes are all magic to me

I did try to mess around with returns, but I kept the nested if statements which are probably not helping either

oof

I think I need a for loop

then some if statements

here's a simple port scanner I wrote with classes in py: https://github.com/Hydragyrum/py-port-scanner/blob/master/port_scan_v2.py

and return the stuff I need

thank you @brazen eagle I'll take a look at that to see if that makes sense, perhaps that contains the answer I need

Gave +1 Rep to @brazen eagle

I stole a few bits from Muiri

Ah so you've included more than just Self within the () inside of the function

but that's all in its own class

that's object oriented right? (trying to get my terms right)

ish

I included the function arguments in the function, as those go 😛

What's the error you're getting?

So I think that's what I need to end up doing somewhat

because I am using argparse for my argument because I want it to be ran from the CLI

like how some other tools are run such as nmap, nikto, etc

Just trying to automate some manual reconnaissance

seems fair, you'll need to store your args somewhere though

So parser.add_argument("-U", help="Enter a shortened URL to examine. (E.G: shorturl.at/lAFRY should lead back to my Github repo)", required=True) parser.add_argument("-V", help="Verbose output") might not be enough?

The script does "see" it if you will and it takes the argument

that's a start

if the argument is required, then the -U isn't required, use a positional argument

When I run it, it looks like this

that looks alright though

It so far only works for sites that actually give a redirect response and have got a location header

I need to look at some examples where they use JS to redirect

The JS will be harder to process

yeah

I was thinking of going at it the lazy way

regex and hand grenades?

to just set redirect to false first, then set it to true actually

but that's probably not the safest option

You won't process the js in python

It'll just be plaintext

I'm also considering including proxychains within the script, because the main reason I started to make this is because a lot of phishing emails I get will redirect countless times to other pages

Might want to sandbox that as well

That's another problem to sort haha

no idea how to tackle that, can't even get this stupid thing to work with my pea brain

been at it for 3 days straight and it works 50%

I really like your port scanner tool

It's bad though :p

it works though

mine doesnt

XD

the error is this:
Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
at java.base/java.util.Calendar.setTime(Calendar.java:1800)
at java.base/java.text.SimpleDateFormat.format(SimpleDateFormat.java:974)
at java.base/java.text.SimpleDateFormat.format(SimpleDateFormat.java:967)
at java.base/java.text.DateFormat.format(DateFormat.java:374)
at NewJFrame16.GetOs(NewJFrame16.java:184)
at NewJFrame16.<init>(NewJFrame16.java:21)

as i told u the date is not selected

might want to break out the debugger to see why

Yeah it does seem to fail on that library

it tells you on which lines it fails too

it's probably some kind of syntax error, but unsure since you didn't give the full code I think

standard lib though, probably not a bug there, but rather you're passing a null to it

ya

but i have to put it is a event

figure out where the null is coming from, probably a misconfig

on running time as date is not selected the error is coming

if it get implemented with an even like on selected date then the code may run

Oh man I think I really broke it now

    # def __init__(self):
    #     self.
    def parse_arg(self):
        parser = argparse.ArgumentParser(prog="Unshorten",
        description="Did you get a shortened URL that you don't trust? This tool will unshorten it for you so that you can see where it actually leads to.")
        parser.add_argument("-U",
        help="Enter a shortened URL to examine. (E.G: https://cutt.ly/dAd4ipy should lead back to my Github repo)",
        required=True)
        parser.add_argument("-V",
        help="Verbose output")

        args = parser.parse_args()
        self.args = args
        Short_url = args.U
        verbose = args.V

    def Unshorten(self, url, args):

        try:
            r = requests.head(Short_url, allow_redirects=False)
            print (r.status_code)
            if r.status_code//100 == 3:
                print (f"Status code:{r.status_code} \nRedirected to:{r.headers['Location']}")
                allow_redirects=True

                if r.status_code//100 == 2:
                    print (f"Final destination: {r.url}")

if __name__ == "__main__":
    URL_Unshortener = URL_Unshortener()
    URL_Unshortener = parse_args()
    URL_Unshortener = Unshorten()```

  File "Projects/Python/Unshorten.py", line 41
    if __name__ == "__main__":
    ^
IndentationError: unexpected unindent

You can't have try without except

Thank you

Gave +1 Rep to @onyx merlin

Now I have another error to explore, but at least it tries to run now

still got lots to learn with python...

great it's working again!

Sort of anyway

I've got the class and def function working now, I am at the stage now where I need to define what to put within the () I think

    # def __init__(self):
    #     self.
    def parse_arg(self):
        parser = argparse.ArgumentParser(prog="Unshorten",
        description="Did you get a shortened URL that you don't trust? This tool will unshorten it for you so that you can see where it actually leads to.")
        parser.add_argument("-U",
        help="Enter a shortened URL to examine. (E.G: https://cutt.ly/dAd4ipy should lead back to my Github repo)",
        required=True)
        parser.add_argument("-V",
        help="Verbose output")

        args = parser.parse_args()
        self.args = args
        Short_url = args.U
        verbose = args.V

    def Unshorten(self):

        try:
            r = requests.head(Short_url, allow_redirects=False)
            print (r.status_code)
            if r.status_code//100 == 3:
                print (f"Status code:{r.status_code} \nRedirected to:{r.headers['Location']}")
                allow_redirects=True

                if r.status_code//100 == 2:
                    print (f"Final destination: {r.url}")
        except:
            print ("something went wrong")

if __name__ == "__main__":
    URL_Unshortener = URL_Unshortener()
    URL_Unshortener.parse_arg()
    URL_Unshortener.Unshorten()```

So if I run the script without any args it gives me the helpfile (expected behaviour)
I give the -U argument and it goes straight to the except (not expected behaviour)

I think in the Unshorten function I need to add something more other than self, but not sure how to approach this, this is what I feel I have been stuck on for a few days

you missed the exception catch earlier yeah

you also need self.short_url = args.U

otherwise it stays in function scope

try to keep your naming scheme consistent though, and for python, follow the pep8 standard

I prefer lowercase args where possible, though URL should be positional

eg: unshorten.py -v url_to_unshorten

rather than unshorten.py -v -u url_to_unshorten

also, pro tip: you can use ````python` in discord to set the language for syntax (python in this case)

Sorry I figured out a slightly different way to fix it

I did this in the end within the Unshorten function ```python def Unshorten(self):
# print (self.args.U)

    try:
        r = requests.head(self.args.U, allow_redirects=False)
        print (r.status_code)
        if r.status_code//100 == 3:
            print (f"Status code:{r.status_code} \nRedirected to:{r.headers['Location']}")
            allow_redirects=True

            if r.status_code//100 == 2:
                print (f"Final destination: {r.url}")
    except:
        print ("something went wrong")```

Don't think that quite worked for me oh well

Within my r parameter I defined it in there because it felt a little neater to me, got to the same conclusion as you luckily through a lot of trial and error

Oh, how do I go about that?

see the hosts param in my example

basically don't set a -name

wait

eg:

parser.add_argument("hosts", help="The target(s) IPs. May use CIDR notation to scan multiple hosts in parallel.")

that works as well

but it's ```python on the same line 😉

python test

missed again I think

pythontest

the f

I feel so dumb today

```python
code here
```

like that

test

there we go

gotcha

you can use a bunch of other languages as well

That's good to know

Right so thats how that works. As long as I make that the first argument, it knows that's the first one and then I can use -v for verbose output (once I decide how I want that to look)

doesn't need to be the first in the def

but if there's more than one then it'll take them in the order defined

Still, that suggestion makes even more sense because I always want to supply a url so no need for -u

yeah

Hi guys, I could use some help with numpy module

I am given an numpy.array, for example:

print(a)
array([[1, 2],
       [3, 4],
       [5, 6],
       [7, 8]])

Now I need to get an array which has average value of every row. So result here would be:

array([1.5],
      [3.5],
      [5.5],
      [7.5])

I can't find the right solution (other than looping through with for loop)

there has to be some better way

Do I smell a homework question? 👃

you smell correctly.

I wish I could help

but I suck

and I don't think people generally help with homework on here tbh

thanks anyway lol, at least you cheered me up a little

Your first point of contact for homework questions should always be your instructor.

It works!!!

looks a bit odd that it loops 3 times to what looks like a 200 response

Yeah that's github for ya

They respond a lot

well it's going to the same place

Not sure how to manage that

will still tinker with it though

see if I can get some output on how long it took to process the URL etc.

You could check if the url is the same as before just using if and have the print function after the check.

That could work

What do you use to find the link? Is it a redirect header?

Yeah, I look for the status_code//100 == 3 to catch any of the 3xx response codes, within that a try to gets the header location via a HEAD request because its faster than GET. Then I do a separate GET request in a for loop

https://twitter.com/owasp/status/1499761713671028739

Thats actually awesome, but I think you could skip the 3xx check entirely and just check the header cause some url shorteners give you a code 200 and than have like a php / js thing that redirects a few second later, guess there no solution to that though.

Yes thats true, I'm trying to think of a way around those script

You could check the source for those types of scripts using some regex, not sure if it’s possible with php though

If the source isn't obfuscated yes

Hate these scammers man

With their million redirects

There has to be a way to “remain” on the page for a few seconds to see if code runs.

You could check operations available under numpy like reduce, average (read the docs)

It’s scummy but you get website visits haha

Yeah, theres a allow redirects

Web is stateless, 'remaining on the page' just means letting their JS sit on your browser engine for whatever the time frame you specify is

Yeah and IIRC js can redirect you.

You'd need a headless browser, or to inspect javascript

Oh good to know, thanks.

Gave +1 Rep to @onyx merlin

Is the chromium python module a headless browser?

It worked perfectly with np.mean() thanks anyway

Gave +1 Rep to @plucky helm

It looks like it yes, you can set so using something like ```python
opts = Options()
opts.set_headless()

I'll look into this further to see if I can use this the way I want

Hi,

I hope everyone is okay.

I am doing a research project for my Bachelor of IT (honours) on Machine Learning for Cloud Security.
This research paper discusses the Fraudulent Resource Consumption (FRC) Attack and uses Support Vector Machines (SVM) to detect cloud-based FRC attacks. Fraudulent Resource Consumption (FRC) attacks are created by slowly using cloud services' metered resources. The attacker's goal is to abuse the utility pricing model by stealing cloud resources. This skilful resource overuse results in a significant cost burden for the client. These assaults employ low-intensity HTTP requests per hour, like legitimate users. Due to this, FRC attacks are difficult to detect. FRC is an Economic Denial of Service (EDoS) attack that targets cloud adopters' financial resources by increasing their costs. Unlike DDoS assaults, which can temporarily block legitimate users from accessing services, EDoS attacks can significantly increase cloud users' costs. Support-vector machines (SVMs, also known as support-vector networks) are supervised learning models that examine data for classification and regression analysis.

Now I want guidance for a script that Can capture this generated FRC traffic, run SVM on it for training and then run SVM on it for testing. Training can be one script, and testing can be another script.
Secondly, is it possible to use AWS or Microsoft Azure to perform these testings

I shall be highly grateful if you could kindly guide me in this.
Thanks & regards,
Osama Faheem

https://owasp.org/www-community/attacks/Cash_Overflow#:~:text=A Cash Overflow attack is,provider to disable the application.

Thanks @onyx merlin

Gave +1 Rep to @onyx merlin

hello , I am stuck at the blackjack problem of kaggle , the problem is that I am unable to understand the problem

In this problem we'll be working with a simplified version of blackjack (aka twenty-one). In this version there is one player (who you'll control) and a dealer. Play proceeds as follows:

The player is dealt two face-up cards. The dealer is dealt one face-up card.
The player may ask to be dealt another card ('hit') as many times as they wish. If the sum of their cards exceeds 21, they lose the round immediately.
The dealer then deals additional cards to himself until either:
the sum of the dealer's cards exceeds 21, in which case the player wins the round
the sum of the dealer's cards is greater than or equal to 17. If the player's total is greater than the dealer's, the player wins. Otherwise, the dealer wins (even in case of a tie).
When calculating the sum of cards, Jack, Queen, and King count for 10. Aces can count as 1 or 11 (when referring to a player's "total" above, we mean the largest total that can be made without exceeding 21. So e.g. A+8 = 19, A+8+8 = 17)

For this problem, you'll write a function representing the player's decision-making strategy in this game. ```

as far as i understand is that whenever the player count is less than 21 the player should hit

It’s strange that you would be programming the player’s inputs but it’s just the same as the dealer’s when the player chooses to stand or exceeds 21

but the next move of dealer is implement through their program

Not sure what you mean

It would be something like

function player_decision(cards):
if total(cards) >= 16:
return stand

else:
    return hit

If I’m understanding correctly

And then you would throw in a catch if there’s an ace card on the hand

if total(cards) >= 16 AND ace == false:
return stand

Actually i have issue with my CMOS battery and it actually changes my time to random. Can anyone help me to create a automatic script to change the time?

What do you mean by random?
Issue with times on Windows and Linux (dual boot)?

You could use NTP (Network Time Protocol) to automatically update the system time, no scripts needed

...replace the battery?
An issue with the battery won't set your time randomly, it'll set it to a zero value of sorts

That 1 Jan, 1970 or something?

Depends on the system

Of the systems I've been messing with, some are 1st Jan 2015

That for Unix time, perhaps you used different systems. I ain't familiar with others a lot 😅

Yeah. We're not talking operating systems though, this is lower level.

Oh ok, still out of my league 😄
Just worked onxv6 system in one of my courses

Is there someone who could help me with windows hooks in c++?

Hi there, quick question. With python and sockets...sometimes while fuzzing a buffer overflow vuln I need to add "\r\n" to the end of the payload string sometimes not. What is the indicator for that?

"\r\n" are ascii characters basically, for the enter command (return and new line), I don't think, you usually need them in service-based interfaces(if you're using s.send in python)

If I've confused something again,

@tulip sail can explain it better

you'll probably want to count what's been drawn and assess the probability of going over 21

Ah nice thank you

Gave +1 Rep to @tropic minnow

Depends on the implementation of the program you're sending it to.
\r\n are a carriage return and linefeed respectively -- combined they represent a newline in Windows. *nix systems just use \n. Old Macs used \r alone but now use \n like the rest of the sane world.

It's basically just telling the program that the line ends here, which, for some programs, is how they denote the end of the expected buffer

is there any good way to pass reference value of immutable object in python . I can't find one
or is that not allowed in py ?

hey guys yesterday i decided to make wordpress themes and i came across to an error

so it is supposed to look like this

Open console, see if the CSS is being loaded or if it's erroring

the code on my terminal has been loaded

Browser console. Devtools.

Learning how to use devtools is really really useful for frontend stuff

Check what CSS files are being loaded and used

Network tab can help

Nothing out of the ordinary there to me

Have you tried clearing your browser cache?

No I havent, I will try

ok i did that but no results so far

also i did a debug session

it found no results

It was worth a try. Do you maybe need to go to webaddrews.mac like in the example screenshot?

no because i run bitnami

in order for me to run wordpress i need to go to 127.0.0.1

and i coded another sectin of it and i saw changes

man i didnt know that making themes is so hard

even the tutorial cant help me ( pls dont judge me )

here is the tutorial

Sorry man, I can only suggest your site has issues loading the CSS or it is loading it fine but the CSS is not doing what you expect it to do

it has to be a bug or something

It won't be

elaborate

There's a lot of troubleshooting you need to do first, especially if you want help

Troubleshooting such as looking for help on google. A quick search result for "why is my css not being applied" yields https://stackoverflow.com/questions/16513530/why-is-my-css-style-not-being-applied

It's very normal to assume that because something isn't working, it must be a bug.
I'm here to tell you that 99.999% of the time, it's user error. It's something you've done wrong.
That's not a bad thing. It means you can fix it. Careful reading, intelligent troubleshooting.

Well said

alright i will do that

Wordpress does not like this

I would put money on this being a case of the CMS trying to use an absolute URI for a non-existent domain to load the CSS file

so what would fix this issue?

Checking the absolute path in settings and ensuring that it's resolvable

thank you for your answer i appreciate it

Gave +1 Rep to @tulip sail

Hello

@brazen eagle hope I'm not disturbing you but I've finished making the tool. I may make a 2.0 which will incorporate chromium in sandbox mode for those sites that use scripts to redirect you to another page. Take a look at the source code if you'd like to try it out for yourself https://github.com/JuanVG93/Python-Scripts/blob/82c7ff8577771bc3cdbb87f022be6392791ce674/URL Unshortener

you should probably refactor the common bits in the two blocks in the unshorten function

hi

i am wondering what to do here

What about redirect chains?

Works with those too

Hi, this is not the right channel however there are a few issues I see.

1. You need to start the machine
2. Either connect to the THM VPN so that you can use your own machine to interract with the ones on the network or you can use their attackbox
3. There's a directory of channels dedicated to room help, check if the name of the room is on the list or go to #room-help

But doesn’t automatically follow them, right?

It does on a redirect, it's kind of the point of the tool.

A single redirect? Not chained ones?

Requests might follow redirects by default on a get

Ah, right. Should every hop be logged?

It won't log every hop though

It does on a get, that's what the for loop does

Yes it works with chained redirects when I was testing

I missed that for loop, makes sense 🙂

Oh dear gods I did not know requests kept a history

Neither did I

Was pleased to find out they did! Haha

Ok sure why not

I'd've just shoved the for earlier calling head until I got the 200

Still won't grab js redirects

Sadly no, so I was thinking about making a 2.0 which will use chromium in sandbox headless mode which can grab the JS (I believe)

Should be able to

Will it be able to give you the URLs though

I have no idea, but will find out

Fun project this and I think it could be useful for the community

Wonder how it handles https://admin.hydrashead.net

Let's find out... Give me a few minutes

It doesn't pick up on the redirect as this is done by a script
Browsed to it myself and it made me lol

:)

Should set up a dns entry to vouchers.tryhackme.hydrashead.net

I wonder if I had used sessions instead, it it would've picked up on it

Doubt it, it's javascript

can someone help me with something regarding a java program that i'm trying to run that needs java -cp to run?

https://dontasktoask.com 🙂

what's interesting is that, the article details almost exactly the same question the're asking!

Sure

hello

hey, anybody here knows any server focused towards web development? or front end in specific?

There are tons

Might want to pick a language first though

also front end and server are a bit contradictory

I imagine they mean discord server

Oh maybe

I didn't think of that

Picking a language is also good for finding a discord server, especially as some languages have main servers

But if you’re going into frameworks then you can use the Discord for that framework etc

Or look for just a YouTube channel that does web development, their discord usually will have help channels

hello

yeah

dms

Can someone please explain this to me:

`imelda = ("More Mayhem",
"Imelda May",
"2011",
((1, 'Pulling the Rug'),
(2, 'Psycho'),
(3, 'Mayhem'),
(4, 'Kentish Town Waltz')))

even = list(range(0, 10, 2))
odd = list(range(1, 10, 2))

with open("imelda.pickle", "wb") as pickle_file:
pickle.dump(imelda, pickle_file)
pickle.dump(even, pickle_file)
pickle.dump(odd, pickle_file)
pickle.dump(2998302, pickle_file)

with open("imelda.pickle", "rb") as imelda_pickled:
imelda2 = pickle.load(imelda_pickled)
even_list = pickle.load(imelda_pickled)
odd_list = pickle.load(imelda_pickled)
x = pickle.load(imelda_pickled)`

if I swap the even_list and odd_list variable names it swaps the contents as well

I don't know why because I thought it "loaded" the contents based on how it was imported? Essentially regardless of the variable name I should be getting the same results

yes I meant the discord server

yeaa, I am looking more towards a mentorship / tip & tricks based youtube channel as I have received a plenty of resources to look through 😅

so lemme knw if u got any

Doesn't have a Discord, but if you haven't already, amazing YouTube channel for webdev https://www.youtube.com/c/TraversyMedia/videos

Thanks for letting know

Also learn CSS Flex

WDYM by this? The file is read in order, so the data gets assigned to whatever variables you read it in

Hi, I was wondering what this assembly code is, are these key scancodes? https://github.com/ricbit/brmsx/blob/master/DEBUGSR2.INC

Precisely, but if I swap the odd / even variable names it will swap the output when i print.

Hello everyone, I’m thinking of joining Kenzie Academy to help me become a software engineer, any thoughts on the program? I’d appreciate any input.

Thanks

Hey guys anyone using Mac M1 for back-end dev?

hello there, I was just wondering which programming languages you are trying to learn

Can i ask a JS question🙂

I'm a bit confused with these 2 if statements

const first = 30;
const second = 70;
const third = 120;

If(first && second && third > 100){}

So in this condition, so js will see it like this

is first > 100  ?? //false
second > 100  ??   //false
Third > 100   ??  //true

If all three are greater then only that condition will be true right sir? So

And if we'll use it like this

if ( (first && second && third) > 100){}

In this case first this code will execute (first && second && third)
So here that short circuiting concept will apply as all three are truthy values so it'll return the last one which is third
And then it'll check if its greater then 100 or not

Am i right sir??

For the first if, no

It'll short circuit on first, because it's truthy

Thank you sir..
I got this now

I am trying to make a java object secure (Not be decompilable / access the vars within) and I can't seem to get it working without messing up the execution of the file, can anyone recommend good and free obfuscators / ways of making the code more secure myself?

Proguard?

Whoever is going to run the code is going to need to be able to access the bytecode, somehow. There's only so far you can get with securing the code. Unless you mess with custom class loaders and encryption, the byte code will be available to the end user.

And even with encryption, the end user will decrypt the code. So they'll be running the unencrypted code. That being said, Proguard is pretty standard and freely available.

Is it possible to make the object class read only? I feel like it isn’t but still

the class file itself?

yeah, so another class file can talk to it but it can't be read.

The class loader reads in the file, so it needs to be readable.

Object visibility scopes?
public, private ?

It's still in the file itself so it can be read

If plausible, use a server then to perform your secret-sauce procedure that you are not willing to share

😄

actually, that's a good idea haha

yep, SaaS would solve that problem, if your platform is secure 🙂

but there is one big problem