Category Programming

How to execute a large scope nmap scan efficiently and effectively

If you follow me on Twitter @xxByte you must have seen the tweets about scanning a large scope of IPs and how I approached that.

The goal: To scan all TCP ports (0-65536) of ~800 IPs spread across Europe and detect any low-hanging fruit using automated tools or manual assessment, in the most efficient way and with the least resources needed.

The approach:

Let’s first do some math. Scanning 65536 TCP ports on 800 IPs means:
65536 x 800 = 52428800. That’s 52428800 SYN packets going out, and as many SYN/ACK replies to wait for, in total.

To meet the rest of the project requirements we need to run a deeper script scan and a version detection scan against each open port, which means even more packets.

At such a scale we cannot afford to blindly script-scan all TCP ports...


Implementation of atoi()

A while ago I had an interesting interview question with a big tech company. The question was straightforward: implement atoi() to convert a string to an int.

Some restrictions apply:

The function first discards as many whitespace characters as necessary until the first non-whitespace character is found. Then, starting from this character, it takes an optional initial plus or minus sign followed by as many numerical digits as possible, and interprets them as a numerical value.

The string can contain additional characters after those that form the integral number, which are ignored and have no effect on the behavior of this function.

If the first sequence of non-whitespace characters in str is not a valid integral number, or if no such sequence exists because either str is empty or ...


quick writeup for Hacker0x1’s mini CTF: Capture The Flag: reversing the password

If you missed this one, please head to this link and try it yourself before going to the solution.


automate a safe wordpress update through a cron job

I’m a great believer in automation; as one of my interviewers once said to me: if we do it twice, we automate it.
I adopted this style throughout my work, so I want to show how I upgrade/update the WordPress core and plugins using cron to keep all my blogs and sites secure and up to date with security patches.

1- Get and install wp-cli (how/where)
2- Write a script that uses wp-cli to update WordPress [see attached code]


Open .SDF file without SQL Server Management

As part of post-exploitation in a security auditing or testing engagement, you will want to gather as much information as you can about the compromised host in order to target the next victim in the chain.

Having said that, sometimes you stumble upon strange files, encrypted data, and network traffic that you don’t know what to do with. One of these was an .sdf file belonging to hMailServer, an open source mail server; you can read more about it here.

When gaining access to this server you will want to read this file:

A sample output would look something like this:


Generate Alpha-Numeric Strings in Python (for BruteForce Attacks)

While I was coding the ‘Twitter Short Handles Finder’ I needed an efficient alphanumeric string generator in Python. I coded this from scratch:


C0de-Puzzle: Printing int in reverse without IF statement

Challenge: Write a function that delivers the following output: "1 2 3 4 5 4 3 2 1".
Rules:

  • You can only use: one for loop and two int variables.
  • You must not use: if statements or another function.
  • Do not hardcode the output (do NOT do: print("123454321")).

STOP and think about a solution.


Finding longest path of a specially-shaped graph in O(Log(n))

First of all, let’s clear things up:

Finding the longest path in a graph is NOT the inverse of Dijkstra’s algorithm for finding the shortest path. In fact, finding the longest path in a general graph is an NP-hard problem.

In our case the graph is tree-shaped, more like a triangle.


Reversing a doubly linked list data structure in C++


Single Instance C# Application

While I was developing Auto CCleaner I faced the problem of allowing only one instance of the application. I found many solutions (using a mutex, among others), but they either didn’t work or were inefficient. What I needed was a simple, easy, and efficient method, so I got a little help from the .NET Process class as follows:

I added this block to the initialize (load) function:

Tada! Only a single instance is allowed now.
Note: you need to add using System.Diagnostics; at the beginning of your .cs file.
