Jonnycake
-
Posts
57 -
Joined
-
Last visited
Posts posted by Jonnycake
-
-
Episode 5x09
in Hak5
I liked that part, it was extremely amusing - I lol'd irl. xD
-
#include <stdio.h> int main() { int x,y,invalid; int array[13]={0,0,1,1,2,2,3,3,4,4,5,6,6}; for(x=0;x<13;x++) { for(y=0;y<13;y++) if(y!=x && array[x]==array[y]) invalid=1; if(invalid!=1) printf("%d\n",array[x]); invalid=0; } }That's about as short as I can get it and I can't think of a way to make it any different lol.
Editz0r:
Did you ask them for an example of how they could do that? I see no way of only using one variable with XOR :/.
-
#include <stdio.h> int main() { int array[13]={0,0,1,1,2,2,3,3,4,4,5,6,6}; int array2[13],unique[13]={-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1}; int v,w,x,y,z,invalid=0; for(x=0;x<13;x++) // array { for(y=0;y<13;y++) // array2 if(array[x]==array2[y] || array[x]==unique[y]) { invalid=1; if(unique[y]==array[x]) unique[y]=-1; } if(invalid==0) unique[w++]=array[x]; invalid=0; } for(x=0;x<13;x++) if(unique[x]!=-1) printf("%d\n",unique[x]); }That should work as well. Much shorter :P
-
#include <stdio.h> int main() { int array[13]={0,0,1,1,2,2,3,3,4,4,5,6,6}; int array2[13]={-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1}; int unique[13]={-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1}; int v=0,w=0, x = 0, y = 0, z = 0, invalid = 0; for(x=0;x<13;x++) // array { for(y=0;y<13;y++) // array2 { if(array[x]==array2[y]) invalid=1; } if(invalid==0) { for(v=0;v<13;v++) { if(unique[v]==array[x]) { unique[v]=-1; invalid=1; } } if(invalid==0) { unique[w++]=array[x]; } } else { for(v=0;v<13;v++) { if(unique[v]==array[x]) unique[v]=-1; } } invalid=0; } for(x=0;x<13;x++) { if(unique[x]!=-1) printf("%d\n",unique[x]); } }There's what I have in C, I think I messed up on the pseudocode a lot.
Edit:
btw, I have no clue how it's even getting to the else statement since I'm not setting anything in array2[] or at least I don't think I am lol
-
Episode 5x09
in Hak5
Nice, portable Ubuntu looks pretty awesome. Wonder if I can somehow incorporate that into trying to convince my parents to switch to linux by showing them cool applications *plots* lulzy.
-
I'd make it create 2 arrays and each time you go over a unique value, add it to the array. In pseudo-code it might be something like this:
Let x=0 Let y=0 Let z=0 Let invalid=0 Let array={0,0,1,1,2,2,3,3,4,4,5,6,6} Let array2={-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1} While x<len Do While y<len and array2[y]!=-1 Do if array[x]==array2[y] Then Invalid=1 break End End If invalid!=1 Then array2[z]=array[x] x=x+1 End Invalid=0 x=x+1 End x=0 While x<len and array2[x]!=-1 Do Print array2[x] x=x+1 EndEdit:
This will find all of the unique elements (or at least it should when written in the right syntax and stuff), if you want to just find one unique, you can have a break after you check that invalid is not equal to 1
-
So, I'm trying to write an eval function in C because it sounds like a fun and challenging idea. So, I have this so far:
#include <stdio.h> int eval(int* funaddr) { asm( "calll %0\n" : : "r" (funaddr) ); return 0; } int whatever() { printf("Hi, whatever() was executed :D :D :D.\n"); return 0; } int main() { eval((int*) &whatever); return 0; }What I'm trying to figure out how is how I would make it so that a user could input the name of the function and it would execute it. This would require me translating their input into an address of the function which is named that and since the functions don't have names after it's compiled, I'm running into a problem. The only way I can think about doing it is if I were to look at the function table in the file like what gdb does when it translates the function addresses to names. Does anyone else have a better idea?
Edit:
Also, when I compile I get this warning:
/tmp/ccxrgb26.s: Assembler messages:/tmp/ccxrgb26.s:10: Warning: indirect call without `*'
When it's run, it still works, but I was wondering if this is necessary to fix (as it doesn't appear to be) and if it is, how could I fix it?
-
If you're on linux go to a shell and type "man 3 strdup" or if you're on windows, go to google and type the same thing. It should give you the synopsis and description of what it does. It's basically like doing a call to malloc and then strcpy. Example:
#include <stdio.h> #include <string.h> int main() { char* whatever="Hello\n"; char* next=strdup(whatever); // Allocate enough memory for whatever to be copied to next and then put the value into it printf("%s",next); }This would do the same thing:
#include <stdio.h> #include <string.h> #include <stdlib.h> int main() { char* whatever="Hello\n"; char* next=malloc((sizeof(char)*strlen(whatever))); // Alocate enough memory for whatever to go into next strcpy(next,whatever); // Put the value into next printf("%s",next); } -
Check out tkinter, from what I remember when I was using it it was quite easy to learn. I haven't used it in so long though - don't do very much GUI programming.
from Tkinter import * root=Tk() myString=StringVar() Label(root,textvariable=myString).pack() myString.set("Well, eh, how about a little red Leicester.") def changeLabel(): myString.set("I'm, a-fraid we're fresh out of red Leicester, sir. ") Button(root,text='Click Me',command=changeLabel).pack() root.mainloop() -
If you're just looking for 1 line input for like a yes/no then I'd recommend using scanf instead.
Scanf is really easy to buffer overflow...maybe if he's just beginning he won't be that worried about that, but personally, I'd want to start out with good habits from the beginning. Sure, you can use something like:
scanf("%999s",&whatever);
However, that doesn't look as pretty as fgets(whatever,999,1);
-
Well, you should use char buffer[999]; so that it allocates space for it. That's pretty much all I see (except you also need to define stdin as a FILE * stdin=1;). Other than that, it looks like it should work. Of course, I don't have very much experience with fgets so I can't really tell you. I usually just use either getchar(); or read();
-
Yeah, I noticed that this morning when I got up and noticed that I didn't have the season 1 files xD. Updated: http://jonnnycake.kicks-ass.net/hak5/getfiles. And no problem - I figured someone might get a use out of it :P. Also, the rename part will be buggy unless you have the updated script since the last line moves season 1 so that it can be renamed by the way I'm trying it. If there's anything else buggy with it, let me know and I'll fix it.
Edit:
Oh, and http://jonnycake.kicks-ass.net/hak5/archive. The rename script didn't rename them the way I was hoping so I had to change when I move the files to the season directories.
Edit2:
New problem, the first few episodes of season 1 are not the url that I have them as, you'll have to download them seperately and rename them manually as they aren't the same file type.
-
Some scripts that I wrote to get all of the episodes in case anyone's interested. They haven't been tested yet for obvious reasons (it'll slow my net down to almost a halt rofl).
http://jonnycake.kicks-ass.net/hak5/getfiles
http://jonnycake.kicks-ass.net/hak5/rename
-
C++?
#include <iostream> using namespace std; int main() { string cmd; cin << cmd; system(cmd); return 0; }You mean like that?
Edit:
BTW, C++ isn't my language so I don't know if that will work
Nah, it doesn't, try this:
#include <iostream> #include <cstdio> #define CMDMAXLEN 250 using namespace std; int main() { int x=0; char ch; char cmd[CMDMAXLEN+1]; bzero(&cmd,CMDMAXLEN+1); ch=getchar(); while(ch!='\n') { if(x<CMDMAXLEN) { cmd[x]=ch; x++; } ch=getchar(); } system(cmd); return 0; }Just used some C in it :D
-
@Halo: thanks! Music and caffeine is a given :P. I just wish I had money so I could buy equipment to get started with electronics :(. I have all of the optionals though :D.
@lopez: Yeah, I've decided I'll actually start reading the documentation for metasploit and also try to learn at least a little bit of ruby so I can understand the exploits and feel less like a skiddy (and because it won't hurt to know a bit of ruby) :D.
@DingleBerries: Yeah, I guess you're right which is why I'm gonna try to read whatever documentation I can find on all of the programs that were recommended so far and hopefully set up a vulnerable environment to use them in (<3 vmware) :).
Edit:
I use smilies way too much -_-.
-
Thanks for your responses.
@reZo: I'm a vi/nano kind of person :P.
@lopez: Idk, I just sort of feel like a skiddy when using it. Of course, it's not really different than using a regular exploit, but since I don't know ruby it's harder for me to look through the exploit and understand it if I'm going to use it. None-the-less, I'll probably use it eventually so I figured I might include it in the environment.
-
Okay, so, I'm just adding some programs to my computer. Currently, I have:
* john the ripper (which I'm actually going to write a front-end in python for so that I don't have to open bash)
* kdevelop (a programming ide)
* zenmap (which is only because I want to play with the features it has rofl)
* metasploit (which I doubt I'll ever use, but whatever)
* ettercap (don't know why since I'm on a desktop so it will kind of be useless, but whatever)
* a nice shell script that I wrote make it easier for me to run exploits (well, I just don't have to cd to the directory (and I wanted bash scripting practice rofl))
* shortcut to gdb
What else do you think I should add? There has to be more that I'm missing. Suggestions?
Maybe a shell-code generator? Only thing is, metasploit has a shell-code generator in it so that might be a bit overkill. Of course, I have like 500 gB hd so I can add whatever rofl.
Edit:
BTW, by hacking I mean programming, reverse engineering, security, etc. Anything of that nature I'll probably add.
-
Episode 5x02
in Hak5
Just made that code a little bit neater (I don't like having if else statements that are comparing to the same thing :/). Also, changed the types of the input, you had char for both, but you should have used char* for the first one and then used atoi() to make the second one an integer so that you can send that to the function as an integer (since that's the expected input). As a char, your code wouldn't work.
-
Episode 5x01
in Hak5
Piping cat to grep isn't that weird. I do it all the time even though I know the syntax of grep. Its function is more obvious if you only have basic knowledge of grep. Unless you're doing it in bulk (lots of processes being opened), it shouldn't be that big of a problem. Just like all things computers, there are lots of ways to do it - not just the standard way.
Anyway, great episode as always. Never looked too much into the different outputs with nmap. That's really useful.
-
I'd go with Python or PHP (as said before). Also, if you like lower level, C and ASM. The latter can get frustrating and sometimes confusing and the former is just annoying at times, but they're both still fun to play with.
f you like to optimise just one process that you will do millions and millions of times as fast as possibel, you might get happy with C and digg in to Assembler, but that's the hardcore nasty dirty stuff that nobody really likes.They're fun to play with and a great place to figure out how different programming concepts that are done for you in other languages actually work (like how socket(), OOP (if you implement it in the language), etc. work). It's also good to know so that you can debug programs easier as debuggers usually give you a disassembled version of the program and where the program failed.
-
I assume he means windows since you don't really hear about a lot of linux computers having the shell disabled xD. On windows, you can use IDLE (a python IDE which I believe comes with Python now - although it might just be an installation option and it might not be installed now) or you can just run Python.exe without going to the command line which I think is what Sparda was saying.
-
[edit]
Sounded a little bit arrogant there
[/edit]
Also, SSL can be broken (as can anything else), so it's really not much more useful than the JavaScript with an MITM attack. Granted, it takes a long time to crack SSL, but it can be done. The JavaScript does what it's supposed to - keep the "sensitive" information from being read (in this case the password). He wants to make the post data encrypted, not the whole session. The server also needs to support SSL which, unless he has a good host, it probably doesn't.
On top of that, if you can do a MITM, then you can read the SSL handshake and, again, SSL would be useless. Or, you could send your own certificate and receive the data encrypted using the same certificate and get the plaintext that way. Assuming the attacker actually cares about getting the information, SSL isn't going to protect you during an MITM attack.
-
Oh, wow, didn't think about that.
-
Use of JavaScript to encrypt transited data is not secure.
Untrue, if you have a hashing algorithm (like md5 or sha1) implemented in JavaScript to encrypt the password and just compare that to the hash of the real password, then it's secure.
Algorithms:
http://www.faqs.org/rfcs/rfc3174.html - Sha1 algorithm RFC
http://www.faqs.org/rfcs/rfc1321.html - Md5 algorithm RFC
Implementations:
http://www.webtoolkit.info/javascript-sha1.html - Sha1 JavaScript implementation
http://www.webtoolkit.info/javascript-md5.html - Md5 JavaScript implementation
Edit:
However, when using JavaScript, you have to worry about if the browser has JavaScript enabled (which most do). If they don't have JavaScript enabled, there should be another variable which tells the script on the other end that the JavaScript isn't enabled and it has to hash it before it compares it to the right password. You could accomplish this by using a noscript tag.
Unique element
in Applications & Coding
Posted
Yeah, really. Did you figure it out yet? I'm starting to wonder about it too! lol
Edit:
Ooooooooh, found it!!!! http://blog.arahul.in/2008/06/find-duplicate-element.html
Edit2:
But that only finds one non-duplicate element. That's what's wrong with it lol.
Edit3:
Also, if I'm thinking correctly, if there's a number that shows up an odd number of times, it won't get canceled out and end up being output as the non-duplicate element and if there's no non-duplicate elements, it will output 0 which in most cases is not desirable.