Jump to content

pr00f

Active Members
  • Posts

    1207
  • Joined

  • Last visited

  • Days Won

    11

Everything posted by pr00f

  1. am folosit clonezilla in trecut, sau faci la mana cu dd/ddrescue.
  2. vezi ce bios este si poate gasesti ce trebuie aici https://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html am rezolvat un insyde zilele trecute cu ce e pe acolo
  3. n-ai specificat daca-s nvme sau sata. daca ai ssd m.2 nvme si adaptorul stie doar m.2 sata, sau viceversa, iti dai seama de ce. cand bootezi de pe un os, si bagi adaptorul usb, iti vede device-ul? filesystem-ul? cu alt drive merge? n-ai specificat ce os-uri incerci, dar stiu ca windows-ul este dubios la boot de pe external media.
  4. from datetime import datetime ... while True: ... wks.update(f'A{row_num}', leq_level) wks.update(f'B{row_num}', datetime.now().strftime('%Y-%m-%d %H:%M:%S')) ... te joci cu formatul de la datetime cum ai nevoie
  5. row_num = 1 # primul rand de unde vrei sa inceapa while True: leq_level = nsrt.read_leq() weighting = nsrt.read_weighting() weighted_level = nsrt.read_level() wks.update(f'a{row_num}', leq_level ) print(f'DecibelLevel: {leq_level:0.2f} dB, {weighting} value: {weighted_level:0.2f}') time.sleep(1) row_num += 1 incrementarea randului?
  6. aparent mi-am pierdut contul acolo prin 2012. pe torrentleech bagasera ieri invite code pentru refugiatii de pe fl, posibil sa mearga in continuare, dar nu foarte mult, mai ales ca au dat-o la intors fl.
  7. ./binary? Stii ca poti sa rulezi un binar din orice locatie relativa sau absoluta, nu? In cel mai "rau" caz il linkuiesti in /usr/local/bin sau faci ~/bin pe care-l pui in path, si tragi link-ul acolo, asa procedez cu binarele din repo-urile din ~/git.
  8. de cate ori ai fost pus in situatia in care sa ai nevoie sa adaugi dosare gramada in path cand navighezi prin ele?
  9. pr00f

    Go language

    Am lucrat la un API al unei aplicatii web (http, mongo, websockets) pentru un client din US, si in momentul de fata lucrez la doua API-uri tip microserviciu (http, mysql) local. In rest 'jucarii' personale.
  10. OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework. The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an auth group, root, as well as of other users, respectively. The vulnerabilities were discovered and reported by Qualys Research Labs earlier this week, in response to which OpenBSD developers released security patches for OpenBSD 6.5 and OpenBSD 6.6 just yesterday—that's in less than 40 hours. TL;DR: - OpenBSD Authentication Bypass (CVE-2019-19521) - OpenBSD Local Privilege Escalation Flaws (CVE-2019-19520, CVE-2019-19522, CVE-2019-19519) Qualys PoC: https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt Source: https://thehackernews.com/2019/12/openbsd-authentication-vulnerability.html
      • 2
      • Upvote
  11. Daca dai search pe net gasesti link catre Attendance Login System, ceva "Simple application for employee attendance" bazat pe CodeIgniter - locul din care provine hash-ul tau, cel mai probabil. Scrie in README ca parola este "admin". Mergand mai departe, In libraria de management de parole gasesti modalitatea de generare, verificare, etc. a parolelor. In special, gasesti si segmentele: const HASH_SECTIONS = 4; const HASH_ALGORITHM_INDEX = 0; const HASH_ITERATION_INDEX = 1; const HASH_SALT_INDEX = 2; const HASH_PBKDF2_INDEX = 3; sha256 - algoritmul 1000 - numarul de iteratii afMG... - salt gjbZ... - functia de derivare, info mai jos in cod /* * PBKDF2 key derivation function as defined by RSA's PKCS #5: https://www.ietf.org/rfc/rfc2898.txt * $algorithm - The hash algorithm to use. Recommended: SHA256 * $password - The password. * $salt - A salt that is unique to the password. * $count - Iteration count. Higher is better, but slower. Recommended: At least 1000. * $key_length - The length of the derived key in bytes. * $raw_output - If true, the key is returned in raw binary format. Hex encoded otherwise. * Returns: A $key_length-byte key derived from the password and salt. * * Test vectors can be found here: https://www.ietf.org/rfc/rfc6070.txt * * This implementation of PBKDF2 was originally created by https://defuse.ca * With improvements by http://www.variations-of-shadow.com */
  12. Pentru port scanning merge si GNU netcat. Permite single port, sau range. nc -z 127.0.0.1 80 && echo open # sau nc -zv 127.0.0.1 80-1024 # verbose printing
  13. pr00f

    Botii

  14. Teoretic, nu prea ai ce face impotriva unui atac de genul, 802.11 permite lucrul asta. Asta este mai mult o problema dpdv al threat modeling, si nu a tehnologiei. Ai putea totusi sa faci viata atacatorului putin mai grea; ce-mi vine acum in minte: majoritatea adaptoarelor/cipurilor folosite pentru acest lucru lucreaza doar pe 2.4 GHz, iar majoritatea tool-urilor care trimit pachete de deautentificare o fac 'directional' catre clientii AP-urilor vizate (nu stii AP, nu cunosti in mod cert clientii - atentie, clientii fac leak la numele AP-urilor pe care le cauta si te dai de gol). Avand aceste doua lucruri in minte, poti folosi un router dual-band strict pe 5 GHz, sau daca sunt necesare retele pe ambele plaji de frecvente (2.4 si 5), te asiguri ca numele celor doua retele nu au legatura intre ele, si ca MAC-urile lor sunt foarte diferite - majoritatea vendorilor schimba ultimii 1-2 octeti la retelele wifi de pe acelasi device. De ce totusi nu iti permiti ca clientii sa piarda conexiunea? Se poate implementa o verificare simpla, care permite sistemului sa mearga in continuare fara clienti, avand in vedere ca re-autentificarea se face foarte rapid. Ar mai fi o treaba sa comunici prin BT, dar ai spus ca schimbarea tehnologiei nu se ia in considerare, si totodata exista riscuri mari si acolo.
  15. pr00f

    Ajutor

    din vremurile apuse ale 2013 (2013-09-29-135522_670x827_scrot.png)
  16. pr00f

    da

    Ba, io am gasit doar cele de mai jos. Dupa blocat apar popup-uri dar se inchid singure si e relativ ok. Merge filmul sa mearga on-click, dupa cateva refresh-uri, pe langa asteptat cele 60 secunde pentru "update VLC". Iti recomand calduros un s-o fut pe ma-ta, daca tu crezi ca cineva o sa se uite pe bune la filme pe site-ul tau de cacat.
  17. pr00f

    Protonmail

    Folosesc eu ProtonMail Plus pentru custom domain. Este rapid, simplu, are de toate, aplicatia pe telefon e super, si recent au introdus si plugin pentru Thunderbird. Sunt ok.
  18. Step aside python \o/. Meanwhile, curl wttr.in/Tokyo
  19. O sa fie ceva de baut/mancat in cadrul ballroom-ului (inafara de restaurant, banuiesc), sau trebuie sa dam fuga prin alte parti? Avem voie cu bautura/mancare, pe langa restul de "echipament"? "strice"
  20. https://www.shodan.io/search?query=PK5001Z+port%3A23 ¯\_(ツ)_/¯
  21. Scapati de sumo pls.
  22. LEARN TO TAME OPENBSD QUICKLY. http://www.openbsdjumpstart.org/#/
      • 2
      • Upvote
  23. https://imgur.com/a/hjZa3 Luate dintr-un avion Ryanair. Daca nu-s ok, sterg.
  24. As I am now an adult, I sometimes need to look at taxes. The longstanding tradition of adults dictates that I must look at my taxes and say to my fellow adults “wow, I wish I had that money which is spent on single payer universal healthcare, infrastructure and education so I could spend it on video games, hardware I never use and thousands of tiny 3D printed statues of myself.”. Regardless, I didn’t expect my micro-sojourn into responsibility to result in a somewhat bad security issue followed by the ability to arbitrarily modify people’s tax details after making them click a link, followed by a 2 month journey to getting confirmed fixes. Welcome to my 3 step guide to hacking the uk tax system, I guess. The UK tax system login process is neat, and well thought out. One goes through an interstitial login web form which requests an identification number, a password, and a code texted to your cellular mobile device. On the technical side of things, this is achieved by the common redirect forwarding pattern in which the page that required login hands off to the login page with a note in parameter form saying where to send the user back to when the login process is successfully completed and you’re ready to dive into taxes and such. Source: https://medium.com/@Zemnmez/how-to-hack-the-uk-tax-system-i-guess-3e84b70f8b
      • 1
      • Upvote
  25. gophirc A simple IRC bot framework written from scratch, in Go. Description Event based IRC framework. Warning The API might break anytime. Framework managed events Manages server PING requests (not CTCP PING) Registers on first NOTICE * Identifies on RPL_WELCOME (event 001) Joins the received invites & sends a greeting to the channel Logs if the bot gets kicked from a channel Features Capability to connect to multiple servers Multiple per event callbacks State & general logging Graceful exit handled either by a SIGINT (Ctrl-C) Parses a user from an IRC formatted nick!user@host to a User{} Config implements a basic checking on values Already implemented basic commands - JOIN, PART, PRIVMSG, NOTICE, KICK, INVITE, MODE, CTCP commands Many (?) more More: https://github.com/vlad-s/gophirc Bonus, IRC bot using gophirc - gophircbot: https://github.com/vlad-s/gophircbot
×
×
  • Create New...