Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - iikibT

Pages: [1] 2
1
C - C++ / Re: Interface Programming using C's gtk libraries
« on: February 20, 2016, 01:22:12 am »
Quote from: matias on February 20, 2016, 01:15:53 am
Okey, So I got a program called 'int.c' and I typed the next thing:
gcc int.c pkg-config --cflags --libs gtk+-2.0

You are missing ` around options, that's why gcc thinks you want to compile files named 'pkg-config' etc. and complains that it can't find them. Your command should be:

Code: [Select]
gcc int.c `pkg-config --cflags --libs gtk+-2.0`

EDIT: continuing troubleshooting this command with matias in PM, as it isn't that relevant to the topic and I don't want to spam the thread too hard.

2
C - C++ / Re: Interface Programming using C's gtk libraries
« on: February 19, 2016, 11:47:59 pm »
You need GTK for development:
Code: [Select]
apt-get install libgtk2.0-devor
Code: [Select]
apt-get install libgtk-3-dev
And then use it when compiling, for example:
Code: [Select]
gcc <your_file> `pkg-config --cflags --libs gtk+-2.0`

3
C - C++ / Re: Advice on modern c project based book
« on: February 16, 2016, 12:29:00 am »
If you are just starting learning C, it will make almost no difference to you if the book was written about C99 or C11. Also note that many compilers don't implement strict standards (if you are compiling with GCC, you can check out GNU C manual, but again, it doesn't really matter).

Quote from: lahatiel on February 15, 2016, 11:58:24 pm
I picked up C to start with is because its rawness and not hidding things from the programmer.
If you want to learn how things work "under the hood" you might also want to learn assembly - it will give you a much better understanding about how C and higher programming languages work.

4
General discussion / Re: The skills one needs to make a living as a developer?
« on: January 27, 2016, 02:13:49 pm »
From the things you mentioned, this are all good options:
  • Websites: pick a CMS (Wordpress, Joomla, Drupal...) and Jekyll (or similar) for static websites. Use boostrap, jQuery and other standard stuff, it makes your job easier and clients are happy because of familiar stuff. Easy, boring as fuck, pays ok, easy to get work.
  • Web applications: stick with PHP + obviously JavaScript on client side. Python or Ruby might be ok on server side, but I see significantly less jobs + most major CMSs are written in PHP. You can do this and above since you will probably be using most of the same stuff. Less easy, less boring, pays ok.
  • Android: never done it myself so I can't say much, but a couple of friends do it and it seems like it's easy for them to get projects.

I don't see many Python jobs, I see some C++ jobs but they are usually for full time employment, not per project. This might totally depend on market where you are from, so just check job listings and decide for yourself.

Hope this helps in any way.

5
Beginner's Corner / Re: Help needed with hccap cracking (WPA/WPA2 passwords)
« on: January 25, 2016, 02:57:19 am »
WPS is inherently insecure, WPA2 not that much, there aren't many shortcuts. If you have multiple APs with same SSID but different passwords, you can benefit from precomputing, else you will probably not get much better speed than with aircrack-ng. Download some of the big dictionaries and get cracking. If the password is not in any dictionary you can get your hands on, you are mostly out of luck. Good luck brute forcing 8+ chars password. My success with random APs and 5GB dictionary was less than 10%, but I didn't try larger dictionaries, brute forcing or hybrid attacks. Seeing as you put more effort into it perhaps you can get a better success rate, but don't expect to get every AP.

I would recommend going with Evil Twin. It requires a good enough signal and one not-very-bright client, but will save you all the time and is more rewarding.

I am new to the field myself, I hope my answer helps in any way, you will probably get better answers soon.

6
Beginner's Corner / Re: Ping of Death - Works or not?
« on: January 17, 2016, 06:52:56 pm »
What you are doing is not ping of death, but just regular ping... I am not really sure how you are trying to achieve buffer overflow (or whatever you are after) with this. Please let me know if I'm missing something.

Also a couple of notes on your script:
  • Since it is a python script, first line should probably be '#!/usr/bin/env python', not '#!/bin/sh' (your default shell probably doesn't speak python =)
  • It is usually considered better to enable setting options via parameters, than asking for them 1 by 1 each time a script is run
  • Not sure what you are trying to achieve with connections, but your for loop will execute one 'connection' at a time. If you want to have them in parallel, see multiprocessing

EDIT: Also, it would probably be wise to first find something that you can exploit using ping of death, put it on your network and develop / test it there until you get it right.

7
Mobile Hacking / Re: Buying a new smartphone
« on: January 14, 2016, 05:29:37 pm »
Quote from: Kurajber on January 14, 2016, 03:25:56 am
Yeah, I think I don't totally understand the point of that whole NetHunter project. Why would anyone want to have Kali Linux on their phone? If anyone could point some benefits of it, I'd be happy to hear.
It's basically Kali Linux on your phone, except you don't get any benefits of using Kali (or Linux, for that matter). Your phone is still a phone so typing is slow. NetHunter solves this problem by giving you a shitty terminal emulator which doesn't do anything useful, so you have no reason to type. You get almost none of the tools that ship with Kali and you also can't easily install any of the tools you would want, so you are forced to use the few tools that are on there. If I really had to use my phone for any security work, I would rather install any of the Linux phone distros and get my tools there than use NetHunter ever again. But then again, NetHunter has the cool dragon background, so that's something.

8
Web Oriented Coding / Re: Can I send a request to an http page from an https page?
« on: January 14, 2016, 04:13:50 pm »
Quote from: Serosin on January 14, 2016, 01:55:17 pm
Actually, the hosting service I use makes you purchase a dedicated IP address if you're going to use any certificate at all.
Uff, that sucks, I have never seen this shitty practice anywhere I ever hosted. I'd say get a better host =D.

Quote from: Serosin on January 14, 2016, 01:55:17 pm
I can already get cross-origin requests without using JSONP. Putting the
Code: [Select]
Header set Access-Control-Allow-Origin command in the .htaccess of domain B allows cross origin requests to be made, as long as they are over the same protocol.
The problem is not different protocol, but specifically HTTPS => HTTP. With
Code: [Select]
Header set Access-Control-Allow-Origin on domain B, you can send ajax request from domain A if both websites use HTTP, both use HTTPS, or A uses HTTP and B uses HTTPS. If A uses HTTPS and B uses HTTP this will not work. Basic idea is that you can load resources using more secure protocol, but not the other way around (that would kinda defeat the purpose of using HTTPS in the first place). Chrome for instance gives this error:
Code: [Select]
Mixed Content: The page at 'https://a.com' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://b.com/'. This request has been blocked; the content must be served over HTTPS.I am not aware of any ways to circumvent that, though they might exist. The simplest way is to switch to HTTPS on domain B.

EDIT: If you really can't get HTTPS on domain B, another option would be to get another domain (say C) where you can use HTTPS and use it as a proxy:
Code: [Select]
https://a.com === AJAX request ==> https://c.com  === (send data using your favorite server side language) ==> http://b.com

9
Web Oriented Coding / Re: Can I send a request to an http page from an https page?
« on: January 14, 2016, 11:20:32 am »
I'm not going to answer your main question, but want to point a couple of things out:

Quote from: Serosin on January 14, 2016, 03:04:13 am
It costs extra money and I'd rather make that purchase for a more legitimate reason if I need to.
I assume you are talking about SSL certificate costs? You can get cert for free, either by signing it yourself or getting it signed for free by Let's Encrypt.

Quote from: Serosin on January 14, 2016, 03:04:13 am
...because the domain I own doesn't use SSL, and Same Origin Policy stops that
Using a script on domain A to send ajax request to domain B is against same-origin policy and will be stopped by any browser that enforces same-origin policy. This is not a problem of not having SSL.

EDIT: For ways to circumvent same-origin policy, see JSONP. There are also multiple methods listed at this stackoverflow post.

10
Anonymity and Privacy / Re: Route all traffic through tails?
« on: January 12, 2016, 01:01:39 pm »
I would recommend Whonix Gateway instead of Tails in this case, it is made for exactly what you are describing.

11
C - C++ / Re: Issues with understanding recursion
« on: January 09, 2016, 06:47:25 pm »
To learn more about recursion, see this post.

12
Projects and Discussion / Re: Pinger - A Finished Python Project
« on: January 03, 2016, 01:26:51 am »
Hey, I see you are new to programming and probably young so I don't want to discourage you, but this script is pretty much useless.

This being said, you should try to improve this things in your following projects:
  • Remove sleeping (time.sleep()). It is annoying af and you can always avoid it.
  • Avoid asking for agreement each time a script is run. Include the license with you application and don't mention it in the program itself (or at least don't ask people to confirm it each time).
  • Don't hardcode input files. Accept input file with parameter (for example -i "URL_list.txt") or read from stdin (this way users can decide how to pass the URLs - write them, pass them from another app, pass them from a file...)
  • Add '#!/usr/bin/env python' as the first line of your script. This tells the terminal to run this script with python interpreter.

EDIT:
Also, instead of comparing 'enter' variable with each possible mix of upper and lower letters in 'yes', you can just say
Code: [Select]
elif enter.lower() == "yes":This way you can replace your 20+ lines of 'elif's with
Code: [Select]
if enter.lower() in ('y', 'yes'):
  // True
else:
  // False

13
General discussion / Re: Current Careers & Aspirations
« on: December 29, 2015, 12:13:02 am »
I'm currently a student and working mostly as web dev, which I love. I'm mostly developing Joomla! and Magento custom extensions and solutions and a web app every once in a while. Also a little bit of system administration and customer support, neither of which I like too much.

I like to write code so I spend much of my free time studying different programming languages and lately IT security. I'm hoping to get a job as a dev or in sec after I finish my masters degree.

14
Operating System / Re: So I installed Arch
« on: December 21, 2015, 12:24:41 pm »
Quote from: evolut1o on December 21, 2015, 11:18:55 am
Never tried just the Arch, installed the BlackArch once and hated it, the repositories were all fuck, just to install the iso in my VM was a fucking nightmare.

BlackArch isn't really much more than a big collection of tools. If you want to benefit from it, you will be better off installing and configuring Arch the way you like it and then just installing BlackArch on top of it. Don't really know what you mean with "repositories were all fuck", you have 13K+ packages and they are generally well documented, what else could you want? Installing can be a pain if you are used to GUI installers, but if you stick to Beginners' guide it is quite easy and straightforward.

15
General discussion / Re: Podcasts
« on: December 03, 2015, 11:01:14 am »
This are some of the podcasts I listen to (links are to RSS, not sure if all or available on iTunes):

Linux
- Linux Unplugged
- Linux Action Show
* These cover Linux news, open source software but there is not very much security talk (news like "there is this new malware" or "this distro did that to improve X security feature", but nothing really in depth).

Security
- Breaking Down Security
- Down the Security Rabbithole
- Defensive Security
* I had more on the list but they sucked so I removed them. All of the above are ok, but nothing really special.

Pages: [1] 2