
Passed OSCP - My Experience

Originally, I was leaning against doing an obligatory post-OSCP Reddit post because I didn’t want to come across as another “look at me - I passed OSCP!!” cringeworthy OSCP Oscar speech, but I decided to go ahead and do one because my experience was perhaps a little unique and answers the much-asked question “can I do OSCP without experience?”.
A quick background to add context…
I’m 31 years old and my employment history is a mixture of sales, graphics, and media-related job roles. I felt discontented for a long time earning (barely) living wage in job roles I had little passion for. Anyway, to cut a long story short, I decided to quit my latest sales job in November last year (2019) to pursue a career in cybersecurity/infosec. I didn’t know what ‘TCP’ or ‘UDP’ was, and I’d never heard of ‘Kali’ or how to run a VM, but I was convinced that this would be the career path for me.
Anyway, I went through Security+ and C|EH from November to March and, just as I was going to start applying for Security Analyst type job roles, our friendly neighbourhood Coronavirus came along and shut down the economy. Even though I had no intention of doing OSCP for another year or two, I thought it was a better option than twiddling my thumbs for a few months, so I decided to sign up for PWK labs and have a crack at it.
Fast-forwarding to yesterday, after a few brutal months and an incredible experience, I finally got the OSCP “you have successfully completed” email.
Apologies in advance for the essay but I just want to go through my journey for those of you that might be in a similar position to the one I was in - limited/zero IT experience and feeling intimidated by the dreaded OSCP mountain.
My journey…
In the weeks leading up to the wait to start my 60 days PWK material and labs, I went through The Cyber Mentor’s Practical Ethical Hacking Udemy course and then went on a Hack the Box rampage, so, by the time my lab time started, I felt like I was in a pretty decent position.
Unfortunately, because I was a naïve idiot, I tackled the labs straight away and went through the PWK PDF casually on the side. This was a big mistake and something I would definitely change in hindsight because it cost me 5 easy points on the exam (I thought I could smash through the PDF exercises during the last week of labs but this didn’t prove to be enough time).
In 60 days I ended up rooting around 40 machines - I didn’t bother going for the networks because it didn’t apply to the exam and, although valuable real-world experience, I didn’t want to get distracted and flood my brain with even more information when it wasn’t going to be relevant for my mission.
One big thing that I did get right was note-taking. I can’t express enough how valuable it is to take detailed notes and build your own cheat sheet library. After every machine I rooted, I did a walkthrough on OneNote and added any new tools/commands to my cheat sheet library. This not only saves precious time in the exam, but it helps you build your own knowledge instead of relying on other people’s cheat sheets without really understanding what you’re doing.
After my 60 days had finished, I spent 1 month on TJ Null’s OSCP Hack the Box list and IppSec’s video walkthroughs. I also can’t stress enough how valuable this learning methodology is. My only regret is that I rushed through it. I’d already booked my exam 30 days after lab time, so I ended up jumping through walkthroughs when I got stuck on boxes instead of exhausting all options. This was another naïve idiot mistake on my behalf and something I would do differently in hindsight. There’s a difference between “trying harder” and “trying harder, but in a smart way”. I was putting 10+ hours in every day but I wasn’t always being efficient with my time. I’d definitely recommend seeking hints and tips on boxes but only after you’ve exhausted all options first, something which I didn’t always do.
Anyway, my first exam attempt came around towards the end of July. Was I ready? No, but I had delusional confidence in myself that has paid off for me more often than not, so I was hoping it would pay off for me again.
My first exam was brutal. I sat in my chair for a total of 23 hours and 15 minutes, with only 3 short 5-minute breaks to get food to snack on. My VPN was shut down after 24 hours and I had a total of 65 points, which I’d been stuck on for the last 8 hours of my exam. I got the BO, root on one of the 20-point machines, root on the 10-point machine, and user on the other 20-point machine. I just couldn’t get root on that last machine.
I was pretty devastated because I’d put my heart and soul into Sec+, C|EH, and OSCP for 7 straight months and I wanted it bad. But my delusional confidence wasn’t enough.
After listening to depressing Taylor Swift songs for a few days (joke), I decided to book another exam in, 4 weeks after my first attempt.
This time around, I decided to go through Tib3rius’s Linux and Windows Privilege Escalation courses (they were great) and go back over some of the HTB machines. I honestly felt at this point that there wasn’t much more study material that I could go through.
2nd exam came up and it was an almost minute-for-minute repeat of the first exam. BO done, 20 point rooted, 10 point rooted, but could only get user on the other 20 point. 65 points again. This time I ended up listening to Taylor Swift + Lana Del Rey.
I was pretty adamant that I could do this and that I was very close, so I sent Off-Sec an email explaining my situation and they were kind enough to allow me another exam attempt without waiting 8 weeks - I booked another exam in 2 weeks after my second attempt.
This time, my preparation was entirely mental. In both my prior exams, I was sat on my chair for over 23 hours because I was flapping around aimlessly like a headless chicken, desperately firing off exploits that I knew wouldn’t work on the other 20-point machine. So, I went into the 3rd exam determined to go at a slow and steady pace, and not let the 24-hour timeframe pressure me into a wild goose chase.
Miraculously, it seemed to work. After 14 hours, I’d done the BO, rooted both 20-point machines, rooted the 10-point machine, and got user on the 25-point machine. 85-ish points in total.
The point of this story is to get across to people that you need to try simpler, not harder. I perhaps failed my first exam because I’d not gone through Tib3rius’s Priv Esc courses, but I failed on my 2nd 100% due to mentality. There was no skill-level difference between my 2nd exam and 3rd exam.
I’ll finish off with my recommended learning methodology and exam tips (for people with limited/zero IT experience):
- The Cyber Mentor Practical Ethical Hacking Udemy course (usually on offer at $14.99-ish)
- Tib3rius’s Linux and Windows Privilege Escalation course (usually on offer at $12.99 each)
- Try Hack Me OSCP Learning Path (I would recommend doing this before HTB - it is $10 for 30 days)
- PWK labs (I personally don’t feel more than 60 days are required - unless you work full-time)
- TJ Null’s OSCP Hack the Box list ($10 for retired HTB machines - very worth it)
- You should be ready for the exam
Exam tips:
- Become proficient with Nmap but use an enumeration tool like nmapAutomator for the exam
- You will need to understand what bash and Python scripts are doing (you don’t need to be able to write them from scratch)
- Don’t be tempted to use a fancy BO methodology for the exam, stick with PWK’s methodology - it works (some of the others don’t)
- Play around with various reverse shell payloads - sometimes a bash one-liner won’t work so you need to go with Python. Sometimes Bash, Python, and netcat won’t work, so you need to understand what alternatives you can use in that scenario
- Get into the habit of reading service manuals. In all 3 of my exams, I came up against machines that had services I’d never even heard of. Fortunately, I’d got into the habit of reading service manuals, otherwise I would have skipped over the services and got lost down a rabbit hole
- Get into the habit of exploiting conventional services in unconventional ways. Just because an SUID binary isn’t on Gtfobins, it doesn’t mean that you can’t exploit the SUID binary in an unconventional way. Again, get into the habit of reading manuals to understand what services do
- Become familiar with Burp Suite. Many exploits won’t work in the way you might expect them to, but they will work if you run them through Burp. Or, at the very least, you’ll be able to understand why they’re not working. This issue came up in my last exam and I would have been completely lost if it weren’t for Burp
- Take breaks if you get frustrated - this is said over and over again by people on this subreddit and it’s an absolute must. The 20 point machine that I couldn’t root after 8 hours on my 2nd exam was on my 3rd exam (thanks Off-Sec - I know you tried to fu*k me with that), but I was able to root it within 1 hour on my 3rd exam, simply because my mindset was different at the time.
- Trust your gut - by doing PWK and HTB machines, you should develop a gut feeling of when you are in a rabbit hole and when you’re on the right track. I ended up rooting over 100 machines before the exam (albeit with plenty of hints and tips) and it helped me develop a good gut feeling. I can’t explain why but there were times in my last exam where I knew I was in the right area even though I wasn’t able to enumerate the specific service version. This feeling simply came from experience. I’m sure many of you watch IppSec’s videos and wonder “how the hell does he know to do X or Y?”. I used to wonder this all the time but after going through dozens of machines, I finally got it. It comes down to experience. Try to do as many machines as you can before the exam to build that gut feeling, and trust it in the exam.
- Embrace failure - this is perhaps the most important thing that I can say. OSCP is a difficult journey and many people fail multiple times before passing. And you know what? That’s okay. It’s okay to fail. It’s how you react to failure that counts. I’m not particularly smart but I embrace failure and I know deep down that I will keep trying until I pass. I was prepared to take the OSCP exam 1000 times if I had to, I was never going to let the exam beat me. I suggest you approach it with the same mentality and not let silly pride prevent you from having a go at it.
One last thing! Join a solid Discord community. This journey has been amazing since day one and a big reason behind that is the amazing online community. I was very active in an HTB community and ended up talking to several people who were going through OSCP at the same time as me. This was honestly such a massive help to me because I didn’t know what the hell I was doing when I first started!
Sorry for the massive rant - I just see so many people on here treating OSCP like an insurmountable mountain. It’s not. You can do it!
submitted by TheCrypt0nian to oscp

Thermostat Recommendations, for HA?

Hi All,
As it's a fast moving field, looking for fresh recommendations. Need a smart thermostat.
Summary: Just looking for something I can control with HA Automations, or NodeRed if needed. Ideally Zigbee or ZWave. Running HASS on a Pi w/ssd.
Details:
Have been looking at:
submitted by SignedJannis to homeassistant

11-04 23:47 - 'DON'T USE THIS' (self.linux) by /u/CreeperTyE removed from /r/linux within 6-16min

'''
This is for cyberpatriots, pls don't use this.
#!/bin/bash
# CyberPatriot Ubuntu (Trusty Tahr) Script v0.3.5
# Root is required to run this script, but chmod should not be used on script or run as root.
# User running script must be in group 'sudo'.
#
# Not everything is covered in this script. Please make sure to review checklist and the Securing Debian Manual.
# This script is only meant to be used for whichever team Keita Susuki is on.
# CHANGES: sed is now more often used to find and replace instead of append to config files
function main {
kernel_info=$(uname -a)
time=$(date)
display_info=$(whoami)
sshd="/etc/ssh/sshd_config"
apache_s="/etc/apache2/apache2.conf"
vsftpd_s="/etc/vsftpd.conf"
echo "---------------------------------------------------------"
echo "Script version: v0.3.5"
echo "Current User: $display_info"
echo "Team: Binary Bros"
echo "Current Time: $time"
echo "Kernel info: $kernel_info"
echo "Now, what can I do for you today?"
echo "---------------------------------------------------------"
echo -en '\n'
read -p "Press ENTER to continue."
echo -en '\n'
echo "WARNING: IF YOU HAVE NEGLECTED TO COMPLETE THE FORENSICS QUESTIONS, IMMEDIATELY CTRL+C THIS SCRIPT."
echo "HAVE YOU COMPLETED ALL THE FORENSICS QUESTIONS? [Y/N]"
read -r forensic_questions
if [[ $forensic_questions == "y" || $forensic_questions == "Y" ]]; then
clear
echo "Good. Now let's start working."
elif [[ $forensic_questions == "n" || $forensic_questions == "N" ]]; then
echo "Finish the forensics questions and come back."
exit
else
echo "Error: bad input."
fi
echo "Before using apt, we need to check to see if sources.list hasn't been tampered with."
echo "Redirecting you to /etc/apt/sources.list in 5 seconds..."
sleep 5
sudo gedit /etc/apt/sources.list
echo "Securing /run/shm."
echo "r-- is dangerous, only on servers if there is no reason for /run/shm."
echo "Read only /run/shm can cause many programs to break. Be cautious."
echo -en '\n'
echo "Options:"
echo "Mount /run/shm r-- (read-only) [r]"
echo "Mount /run/shm rw- (read-write) [w]"
echo "Skip this method. [x]"
read -r shared_memory
if [[ $shared_memory == "r" || $shared_memory == "R" ]]; then
echo "none /run/shm tmpfs defaults,ro 0 0" | sudo tee -a /etc/fstab
echo "Done. Restart box after script has run its course."
elif [[ $shared_memory == "w" || $shared_memory == "W" ]]; then
echo "none /run/shm tmpfs rw,noexec,nosuid,nodev 0 0" | sudo tee -a /etc/fstab
echo "Done. Restart box after script has run its course."
elif [[ $shared_memory == "x" || $shared_memory == "X" ]]; then
echo "Understood. Check UnsafeDefaults page on Ubuntu's website."
fi
echo -en '\n'
echo "Next, we will check hosts file. Make sure nothing looks amiss (default config)."
echo "Redirecting you to hosts file in 5 seconds..."
sleep 5
sudo gedit /etc/hosts
echo -en '\n'
echo "See if nameserver is unfamiliar, if it is, change to google public (8.8.8.8)."
echo "Redirecting you in 3 seconds..."
sleep 3
sudo gedit /etc/resolv.conf
echo -en '\n'
echo "I will now install packages necessary for the security of the system."
echo -en '\n'
sudo apt-get -y -qq install rkhunter clamav clamtk gufw ufw libpam-cracklib vim nmap sysv-rc-conf bum unattended-upgrades logcheck lynis members auditd chkrootkit fail2ban
echo -en '\n'
echo "Configuring automatic upgrades.."
sudo dpkg-reconfigure --priority=low unattended-upgrades
echo "Would you like to manually use gufw or have the script automatically use ufw and close off ports?"
echo -en '\n'
echo "Options:"
echo "g: gufw"
echo "a: auto ufw"
echo "ga: ufw then manual gufw"
read -r firewall_config
if [[ $firewall_config == "g" || $firewall_config == "G" ]]; then
echo "Opening gufw in 5 seconds..."
sleep 5
sudo gufw
elif [[ $firewall_config == "a" || $firewall_config == "A" ]]; then
sudo ufw enable
sudo ufw deny 23
sudo ufw deny 2049
sudo ufw deny 515
sudo ufw deny 111
sudo ufw deny 9051
sudo ufw deny 31337
sudo ufw status
echo "Automatic configuration of firewall completed. I recommend that you look over this again."
sleep 10
elif [[ $firewall_config == "ga" || $firewall_config == "GA" ]]; then
sudo ufw enable
sudo ufw deny 23
sudo ufw deny 2049
sudo ufw deny 515
sudo ufw deny 111
sudo ufw deny 9051
sudo ufw deny 31337
sudo gufw
else
echo "Error: bad input."
fi
clear
echo -en '\n'
echo "Running nmap on 127.0.0.1 to display open ports..." # nmap isn't considered a "hacking tool"
echo "Would you also like to save output to nmap_output.txt [y/n]?"
echo -en '\n'
read -r nmap_input
if [[ $nmap_input == "y" || $nmap_input == "Y" ]]; then
echo "Sending output to nmap_output.txt.."
echo "Running nmap on localhost; the output is shown here and saved to nmap_output.txt."
# tee shows the scan on screen and writes the file in one pass (a plain redirect would hide it)
nmap -sV 127.0.0.1 | tee nmap_output.txt
sleep 10
echo -en '\n'
elif [[ $nmap_input == "n" || $nmap_input == "N" ]]; then
echo "Understood. Running nmap on localhost.."
nmap -sV 127.0.0.1
sleep 10
echo -en '\n'
else
echo "Error: bad input."
echo -en '\n'
fi
echo "Now please disable unneeded processes keeping ports open."
sleep 5
sudo sysv-rc-conf # preferred tool for this
echo -en '\n'
echo "Please make sure there is nothing besides exit 0 and some comments."
sleep 5
sudo vim /etc/rc.local
echo -en '\n'
echo "Checking for sshd_config file"
if [ -f "$sshd" ]; then
echo "sshd is present on this system."
echo "Is sshd a critical service on this machine? [y/n]"
echo "note: selecting N will remove sshd from this system. Proceed with caution."
read -r sshd_critical
if [[ $sshd_critical == "y" || $sshd_critical == "Y" ]]; then
sshd_secure_config
elif [[ $sshd_critical == "n" || $sshd_critical == "N" ]]; then
# The prompt above warns that N removes sshd, so do what it says instead of silently moving on
echo "Understood, removing sshd."
sudo service ssh stop
sudo apt-get purge openssh-server
else
echo "Error: bad input."
fi
echo -en '\n'
echo "Would you like to restart sshd? [y/n]"
read -r sshd_restart_uinput
if [[ $sshd_restart_uinput == "Y" || $sshd_restart_uinput == "y" ]]; then # may take points and then give back
echo "Restarting sshd..."
sudo service ssh restart # the Ubuntu service is named "ssh", not "sshd"
elif [[ $sshd_restart_uinput == "n" || $sshd_restart_uinput == "N" ]]; then
echo "Understood. Remember that changes will not happen until sshd is restarted."
else
echo "Error: bad input."
fi
fi
clear
echo -en '\n'
echo "Disabling guest user and turning off autologin. Editing /etc/lightdm/lightdm.conf"
echo "Checklist reference: GENERAL/8 Alpha, Bravo"
echo "Remember to restart lightdm or restart box later on."
echo "I will direct you there in 5 seconds."
sleep 5
sudo vim /etc/lightdm/lightdm.conf
echo -en '\n'
printf "Now, would you like for me to add some better settings for /etc/sysctl.conf? [y/n]\n"
read -r secure_sysctl
if [[ $secure_sysctl == "y" || $secure_sysctl == "Y" ]]; then
sysctl_secure_config
elif [[ $secure_sysctl == "n" || $secure_sysctl == "N" ]]; then
echo -en '\n'
echo "Understood, I recommend you do this manually however."
else
echo -en '\n'
echo "Error: bad input"
fi
echo -en '\n'
echo "Lock the root account? [y/n]"
read -r disable_root
echo -en '\n'
if [[ $disable_root == "y" || $disable_root == "Y" ]]; then
sudo passwd -l root
echo "Root account locked."
elif [[ $disable_root == "n" || $disable_root == "N" ]]; then
echo "Understood, manually lock please."
else
echo "Bad input."
fi
clear
echo -en '\n'
echo "Limit access to su to all users but the ones in group wheel? [y/n]"
echo -en '\n'
read -r lim_su
if [[ $lim_su == "y" || $lim_su == "Y" ]]; then
sudo chown [link]1 /bin/su sudo
sudo chmod 04750 /bin/su
echo "Done."
elif [[ $lim_su == "n" || $lim_su == "N" ]]; then
echo "Remember to manually limit access to su! All it takes is a single uncomment..."
else
echo "Bad input."
fi
clear
if [[ -f "$apache_s" ]]; then
echo "Is apache2 supposed to be installed on this system? [y/n]"
echo "If you choose N then you will subsequently uninstall apache2. Be careful."
read -r apache2_que
if [[ $apache2_que == "y" || $apache2_que == "Y" ]]; then
echo "Understood, moving on to securing apache2."
apache2_secure
elif [[ $apache2_que == "n" || $apache2_que == "N" ]]; then
echo "Uninstalling apache2..."
sudo service apache2 stop
sudo apt-get purge apache2
else
echo "Bad input."
fi
else
echo "Apache2 is not installed, moving on."
fi
if [[ -f "$vsftpd_s" ]]; then
echo "vsftpd configuration file detected."
echo "Is vsftpd a critical service on this machine? [y/n]"
echo "If you choose N then you will subsequently uninstall vsftpd. Be careful."
read -r vsftpd_choice
if [[ $vsftpd_choice == "y" || $vsftpd_choice == "Y" ]]; then
echo "Understood, moving on to securing vsftpd."
vsftpd_secure
elif [[ $vsftpd_choice == "n" || $vsftpd_choice == "N" ]]; then
sudo service vsftpd stop
sudo apt-get purge vsftpd
else
echo "Bad input."
fi
else
echo "vsftpd is not installed on this machine, moving on."
fi
clear
echo "Check apparmor? [y/n]"
read -r apparmor_check
if [[ $apparmor_check == "y" || $apparmor_check == "Y" ]]; then
apparmor_fix
elif [[ $apparmor_check == "n" || $apparmor_check == "N" ]]; then
echo "Understood, moving on."
echo -en '\n'
else
echo "Error: bad input."
fi
echo -en '\n'
echo "Deny su to non admins? [y/n]"
echo -en '\n'
read -r deny_su
if [[ $deny_su == "y" || $deny_su == "Y" ]]; then
sudo dpkg-statoverride --update --add root sudo 4750 /bin/su
echo "Done."
elif [[ $deny_su == "n" || $deny_su == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
echo -en '\n'
echo "Secure home directory? [y/n]"
echo "NOTE: potentially dangerous."
echo -en '\n'
read -r home_secure
if [[ $home_secure == "y" || $home_secure == "Y" ]]; then
echo "What is your username?"
echo "I need it so I can chmod 0700 your home directory."
read -r username_uinput
sudo chmod 0700 /home/"$username_uinput"
echo "Thanks!."
elif [[ $home_secure == "n" || $home_secure == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
clear
echo -en '\n'
echo "Prevent IP spoofing? [y/n]"
echo "(/etc/host.conf)"
read -r ip_spoof
echo -en '\n'
if [[ $ip_spoof == "y" || $ip_spoof == "Y" ]]; then
echo "order bind,hosts" | sudo tee -a /etc/host.conf
echo "nospoof on" | sudo tee -a /etc/host.conf
echo "IP spoofing disabled."
elif [[ $ip_spoof == "n" || $ip_spoof == "N" ]]; then
echo "Understood, skipping disabling ip spoofing."
else
echo "Error: bad input."
fi
echo "Would you like to edit /etc/pam.d? [y/n]"
read -r pam_secure
if [[ $pam_secure == "y" || $pam_secure == "Y" ]]; then
echo "Use subroutine pam_secure? [y/n]"
read -r choose_pam_secure
if [[ $choose_pam_secure == "y" || $choose_pam_secure == "Y" ]]; then
pam_secure
elif [[ $choose_pam_secure == "n" || $choose_pam_secure == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
echo "Redirecting you to /etc/pam.d/common-password. Use checklist."
echo "Checklist reference: GENERAL/10 ALPHA"
echo -en '\n'
sleep 5
sudo vim /etc/pam.d/common-password
echo -en '\n'
echo "Redirecting you to /etc/pam.d/common-auth. Use checklist."
echo "Checklist reference: GENERAL/10 BRAVO"
sleep 5
sudo vim /etc/pam.d/common-auth
echo -en '\n'
echo "Redirecting you to /etc/login.defs. Use checklist."
echo "Checklist reference: GENERAL/10 CHARLIE"
sleep 5
sudo vim /etc/login.defs
elif [[ $pam_secure == "n" || $pam_secure == "N" ]]; then
echo "Understood, will skip securing pam.d. Make sure to use the checklist and do so manually."
else
echo "Sorry, bad input."
fi
clear
echo -en '\n'
echo "Would you like to delete media files? [y/n]"
echo "Warning: Feature untested due to obvious reasons."
echo -en '\n'
read -r media_input
if [[ $media_input == "y" || $media_input == "Y" ]]; then
sudo find / -name '*.mp3' -type f -delete
sudo find / -name '*.mov' -type f -delete
sudo find / -name '*.mp4' -type f -delete
sudo find / -name '*.avi' -type f -delete
sudo find / -name '*.mpg' -type f -delete
sudo find / -name '*.mpeg' -type f -delete
sudo find / -name '*.flac' -type f -delete
sudo find / -name '*.m4a' -type f -delete
sudo find / -name '*.flv' -type f -delete
sudo find / -name '*.ogg' -type f -delete
sudo find /home -name '*.gif' -type f -delete
sudo find /home -name '*.png' -type f -delete
sudo find /home -name '*.jpg' -type f -delete
sudo find /home -name '*.jpeg' -type f -delete
elif [[ $media_input == "n" || $media_input == "N" ]]; then
echo "Understood, manually search and destroy media files."
else
echo "Error: bad input."
fi
echo -en '\n'
clear
echo "Would you like to install updates? [y/n]"
read -r update_input
if [[ $update_input == "y" || $update_input == "Y" ]]; then
sudo apt-get -qq -y update
sudo apt-get -qq -y upgrade
sudo apt-get -qq -y dist-upgrade
sudo apt-get -qq -y autoremove
elif [[ $update_input == "n" || $update_input == "N" ]]; then
echo "Understood, moving on."
echo -en '\n'
else
echo "Error: bad input."
echo -en '\n'
fi
sudo freshclam
clear
echo "Run chkrootkit and rkhunter? [y/n]"
read -r rootkit_chk
if [[ $rootkit_chk == "y" || $rootkit_chk == "Y" ]]; then
touch rkhunter_output.txt
echo "Rkhunter output file created as rkhunter_output.txt."
touch chkrootkit_output.txt
echo "chkrootkit output file created as chkrootkit_output.txt."
sudo chkrootkit | tee chkrootkit_output.txt
sudo rkhunter -c | tee rkhunter_output.txt
elif [[ $rootkit_chk == "n" || $rootkit_chk == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
sudo clamscan -r /
clear
echo -en '\n'
sleep 5
touch lynis_output.txt
echo "Lynis output file created as lynis_output.txt."
sudo lynis -c | tee lynis_output.txt
echo "Enable apparmor? [y/n]"
read -r apparmor_enabling
if [[ $apparmor_enabling == "y" || $apparmor_enabling == "Y" ]]; then
sudo perl -pi -e 's,GRUB_CMDLINE_LINUX="(.*)"$,GRUB_CMDLINE_LINUX="$1 apparmor=1 security=apparmor",' /etc/default/grub
sudo update-grub
elif [[ $apparmor_enabling == "n" || $apparmor_enabling == "N" ]]; then
echo "Understood, you should enable it however."
else
echo "Error: bad input."
fi
echo "The script has run its course."
echo "Remember to manually check config files and finish any changes."
echo -en '\n'
echo "--------------------------------------------------------"
echo "INFORMATION"
echo "--------------------------------------------------------"
echo "Current User: $display_info"
echo "Current Time: $time"
echo "Kernel info: $kernel_info"
echo "--------------------------------------------------------"
echo -en '\n'
read -p "Press ENTER to reboot the system."
sudo reboot
}
function apache2_secure {
sudo apt-get -y install libapache2-modsecurity
sudo apt-get -y install libapache2-mod-evasive # Debian/Ubuntu package name for mod_evasive
# sed -E: extended regex, so "#?" means an optional leading "#" (in basic regex "?" is a literal and nothing matches).
# Directives inside <Directory> blocks are indented, so leading whitespace is matched and preserved.
sudo sed -E -i 's/^#?ServerSignature .*/ServerSignature Off/g' /etc/apache2/conf-enabled/security.conf
sudo sed -E -i 's/^#?ServerTokens .*/ServerTokens Prod/g' /etc/apache2/conf-enabled/security.conf # "Off" is not a valid ServerTokens value
sudo sed -E -i 's/^([[:space:]]*)#?Options .*/\1Options None/g' /etc/apache2/apache2.conf
sudo sed -E -i 's/^([[:space:]]*)#?AllowOverride .*/\1AllowOverride None/g' /etc/apache2/apache2.conf
# NOTE: this also rewrites the stock "Require all denied" in <Directory />, which loosens access rather than tightening it
sudo sed -E -i 's/^([[:space:]]*)#?Require .*/\1Require all granted/g' /etc/apache2/apache2.conf
# The request-size limits are not in the stock apache2.conf, so append them when absent instead of relying on a substitution
grep -q '^LimitRequestBody' /etc/apache2/apache2.conf || echo "LimitRequestBody 204800" | sudo tee -a /etc/apache2/apache2.conf
echo "" | sudo tee -a /etc/apache2/apache2.conf
# Order/Deny are only valid inside a <Directory> or <Location> block; wrap them in one before relying on them
echo "Order deny,allow" | sudo tee -a /etc/apache2/apache2.conf
echo "Deny from all" | sudo tee -a /etc/apache2/apache2.conf
echo "Check if mod_security module is running..."
sudo sed -E -i 's/^#?Timeout .*/Timeout 15/g' /etc/apache2/apache2.conf
grep -q '^LimitXMLRequestBody' /etc/apache2/apache2.conf || echo "LimitXMLRequestBody 204800" | sudo tee -a /etc/apache2/apache2.conf
sudo apachectl -M | grep --color security
echo "Is mod_security on? It should say security2_module somewhere. [y/n]"
read -r security_a2_on
if [[ $security_a2_on == "y" || $security_a2_on == "Y" ]]; then
echo "Good. I will move on."
elif [[ $security_a2_on == "n" || $security_a2_on == "N" ]]; then
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
sudo sed -E -i 's/^#?SecRuleEngine .*/SecRuleEngine On/g' /etc/modsecurity/modsecurity.conf
sudo service apache2 restart
else
echo "Error: bad input."
fi
}
function pam_secure {
# sed -E: extended regex, so "#?" matches an optional leading "#" (in basic regex "?" is a literal)
sudo sed -E -i 's/^#?PASS_MAX_DAYS .*/PASS_MAX_DAYS 90/g' /etc/login.defs
sudo sed -E -i 's/^#?PASS_MIN_DAYS .*/PASS_MIN_DAYS 7/g' /etc/login.defs
sudo sed -E -i 's/^#?PASS_WARN_AGE .*/PASS_WARN_AGE 7/g' /etc/login.defs
echo "Setup failed login attempts in /etc/pam.d/common-auth and add some config changes? [y/n]"
read -r fail_pamd_ca
if [[ $fail_pamd_ca == "y" || $fail_pamd_ca == "Y" ]]; then
echo "auth optional pam_tally.so deny=5 unlock_time=900 onerr=fail audit even_deny_root_account silent" | sudo tee -a /etc/pam.d/common-auth
# The pam_unix line in common-password starts with "password", not "pam_unix.so"; match the whole line and rewrite it in one piece
sudo sed -E -i 's/^password[[:space:]]+\[success=1 default=ignore\][[:space:]]+pam_unix\.so.*/password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 remember=10 minlen=8 difok=5/' /etc/pam.d/common-password
elif [[ $fail_pamd_ca == "n" || $fail_pamd_ca == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
echo "Create brutally paranoid configuration for /etc/pam.d/other? [y/n]"
echo "NOTE: IF PAM FILES ARE DELETED ACCIDENTALLY, SYSTEM FAILURE MAY OCCUR."
read -r other_paranoid
if [[ $other_paranoid == "y" || $other_paranoid == "Y" ]]; then
# Deny and log every service that has no PAM config of its own
echo "auth required pam_deny.so" | sudo tee -a /etc/pam.d/other
echo "auth required pam_warn.so" | sudo tee -a /etc/pam.d/other
echo "account required pam_deny.so" | sudo tee -a /etc/pam.d/other
echo "account required pam_warn.so" | sudo tee -a /etc/pam.d/other
echo "password required pam_deny.so" | sudo tee -a /etc/pam.d/other
echo "password required pam_warn.so" | sudo tee -a /etc/pam.d/other
echo "session required pam_deny.so" | sudo tee -a /etc/pam.d/other
echo "session required pam_warn.so" | sudo tee -a /etc/pam.d/other
elif [[ $other_paranoid == "n" || $other_paranoid == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
}
function vsftpd_secure {
# sed -E: extended regex, so "#?" matches an optional leading "#" (in basic regex "?" is a literal);
# several of these options are commented out in the stock vsftpd.conf, so the optional "#" matters
sudo sed -E -i 's/^#?anonymous_enable=.*/anonymous_enable=NO/g' /etc/vsftpd.conf
echo "Anonymous FTP login disabled."
sudo sed -E -i 's/^#?chroot_local_user=.*/chroot_local_user=YES/g' /etc/vsftpd.conf
echo "Local users restricted to their home directories."
echo "Create SSL/TLS certificate and private key for vsftpd server? [y/n]"
read -r ssl_vsftpd
if [[ $ssl_vsftpd == "y" || $ssl_vsftpd == "Y" ]]; then
sudo openssl req -x509 -days 365 -newkey [link]2 -nodes -keyout /etc/vsftpd.pem -out /etc/vsftpd.pem
echo "Created."
echo "Making config changes..."
sudo sed -E -i 's/^#?ssl_enable=.*/ssl_enable=YES/g' /etc/vsftpd.conf # enable TLS/SSL
echo "SSL enabled."
sudo sed -E -i 's/^#?allow_anon_ssl=.*/allow_anon_ssl=NO/g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?force_local_data_ssl=.*/force_local_data_ssl=YES/g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?force_local_logins_ssl=.*/force_local_logins_ssl=YES/g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?ssl_tlsv1=.*/ssl_tlsv1=YES/g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?ssl_sslv2=.*/ssl_sslv2=NO/g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?ssl_sslv3=.*/ssl_sslv3=NO/g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?require_ssl_reuse=.*/require_ssl_reuse=NO/g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?ssl_ciphers=.*/ssl_ciphers=HIGH/g' /etc/vsftpd.conf
# Replacement values contain "/", so use "|" as the sed delimiter
sudo sed -E -i 's|^#?rsa_cert_file=.*|rsa_cert_file=/etc/vsftpd.pem|g' /etc/vsftpd.conf
sudo sed -E -i 's|^#?rsa_private_key_file=.*|rsa_private_key_file=/etc/vsftpd.pem|g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?pasv_max_port=.*/pasv_max_port=65535/g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?pasv_min_port=.*/pasv_min_port=64000/g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?local_max_rate=.*/local_max_rate=30000/g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?idle_session_timeout=.*/idle_session_timeout=120/g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?max_per_ip=.*/max_per_ip=15/g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?xferlog_enable=.*/xferlog_enable=YES/g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?xferlog_std_format=.*/xferlog_std_format=NO/g' /etc/vsftpd.conf
sudo sed -E -i 's|^#?xferlog_file=.*|xferlog_file=/var/log/vsftpd.log|g' /etc/vsftpd.conf
echo "Log file set at /var/log/vsftpd.log"
sudo sed -E -i 's/^#?log_ftp_protocol=.*/log_ftp_protocol=YES/g' /etc/vsftpd.conf
sudo sed -E -i 's/^#?debug_ssl=.*/debug_ssl=YES/g' /etc/vsftpd.conf
echo "Configuration changes complete. Check /etc/vsftpd.conf later to see if they have all been done."
echo -en '\n'
echo "[link]3 "
echo -en '\n'
echo "Adding firewall exceptions.."
sudo ufw allow 20
sudo ufw allow 21
sudo ufw allow 64000:65535/tcp # passive-mode data ports configured above
sudo iptables -I INPUT -p tcp --dport 64000:65535 -j ACCEPT
elif [[ $ssl_vsftpd == "n" || $ssl_vsftpd == "N" ]]; then
echo "Understood. However, this is recommended."
else
echo "Error: bad input."
fi
echo "Restart vsftpd? [y/n]"
read -r vsftpd_restart
if [[ $vsftpd_restart == "y" || $vsftpd_restart == "Y" ]]; then
sudo service vsftpd restart
elif [[ $vsftpd_restart == "n" || $vsftpd_restart == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
}
function apparmor_fix {
if [ -f /usr/sbin/apparmor_status ]; then
echo "Apparmor already installed."
else
echo "Apparmor not installed, installing."
sudo apt-get install -y -qq apparmor apparmor-profiles apparmor-utils
echo "Apparmor will be enabled at the end of the script."
fi
return 1
}
function sshd_secure_config {
# -E: extended regex, so that "#?" matches an optional leading comment marker
sudo sed -E -i 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -E -i 's/^#?PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config
sudo sed -E -i 's/^#?Port .*/Port 2223/' /etc/ssh/sshd_config
sudo sed -E -i 's/^#?X11Forwarding .*/X11Forwarding no/' /etc/ssh/sshd_config
sudo ufw allow 2223
# Protocol, RhostsAuthentication and RSAAuthentication are ignored or no longer
# recognised by current OpenSSH releases; these lines only matter on old sshd_config files.
sudo sed -E -i 's/^#?Protocol .*/Protocol 2/' /etc/ssh/sshd_config
sudo sed -E -i 's/^#?PrintLastLog .*/PrintLastLog no/' /etc/ssh/sshd_config
sudo sed -E -i 's/^#?IgnoreRhosts .*/IgnoreRhosts yes/' /etc/ssh/sshd_config
sudo sed -E -i 's/^#?RhostsAuthentication .*/RhostsAuthentication no/' /etc/ssh/sshd_config
sudo sed -E -i 's/^#?RSAAuthentication .*/RSAAuthentication yes/' /etc/ssh/sshd_config
sudo sed -E -i 's/^#?HostbasedAuthentication .*/HostbasedAuthentication no/' /etc/ssh/sshd_config
sudo sed -E -i 's/^#?LoginGraceTime .*/LoginGraceTime 60/' /etc/ssh/sshd_config
sudo sed -E -i 's/^#?MaxStartups .*/MaxStartups 4/' /etc/ssh/sshd_config
sudo sed -E -i 's/^#?LogLevel .*/LogLevel VERBOSE/' /etc/ssh/sshd_config
echo "ClientAliveInterval 300" | sudo tee -a /etc/ssh/sshd_config
echo "ClientAliveCountMax 0" | sudo tee -a /etc/ssh/sshd_config
sudo sed -E -i 's/^#?StrictModes .*/StrictModes yes/' /etc/ssh/sshd_config
echo "Automatic configuration complete."
clear
echo "Use iptables to try to prevent bruteforcing? [y/n]"
read -r iptable_ssh
if [[ $iptable_ssh == "y" || $iptable_ssh == "Y" ]]; then
# Inserted at the top of INPUT so they are evaluated before ufw's own chains:
# record every new connection to the SSH port, then drop a source address that
# has opened 4 or more connections within 60 seconds.
sudo iptables -I INPUT -p tcp --dport 2223 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name ssh --rsource -j DROP
sudo iptables -I INPUT -p tcp --dport 2223 -m state --state NEW -m recent --set --name ssh --rsource
echo "Done."
elif [[ $iptable_ssh == "n" || $iptable_ssh == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
echo "Use public/private keys for authentication instead of passwords? [y/n]"
read -r auth_private
if [[ $auth_private == "y" || $auth_private == "Y" ]]; then
sudo ssh-keygen -t rsa
clear
sudo chmod 700 ~/.ssh
sudo chmod 600 ~/.ssh/id_rsa
# Authorise the key just generated. The private key (~/.ssh/id_rsa) must then be
# copied to the client that will log in, because password logins are disabled below.
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
sudo chmod 600 ~/.ssh/authorized_keys
# restorecon only exists on SELinux systems
command -v restorecon >/dev/null 2>&1 && restorecon -Rv ~/.ssh
sudo sed -E -i 's/^#?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
elif [[ $auth_private == "n" || $auth_private == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
return 1
}
function sysctl_secure_config {
echo "kernel.sysrq = 0" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_source_route = 0" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_redirects = 0" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.rp_filter = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.log_martians = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.icmp_echo_ignore_all = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies=1" | sudo tee -a /etc/sysctl.conf
clear
echo -en '\n'
echo "Disable IPv6? [y/n]"
echo -en '\n'
read -r ipv6_disable
if [[ $ipv6_disable == "y" || $ipv6_disable == "Y" ]]; then
echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "IPv6 disabled."
elif [[ $ipv6_disable == "n" || $ipv6_disable == "N" ]]; then
echo "Understood, skipping disabling IPv6."
else
echo "Error: bad input."
fi
return 1
}
if [ "$(id -u)" != "0" ]; then
echo "Please run this script as root. I promise I won't dd /dev/urandom into /dev/sda..."
exit
else
main
fi
'''
DON'T USE THIS
Author: CreeperTyE
1: root:admin 2: rsa:2048 3: *modulo.co*/*e*u*e-ftp*s*rvi*e-v*ftp*-linux*ht*l

AJ ALMENDINGER

glimpse into the future of Roblox

Our vision to bring the world together through play has never been more relevant than it is now. As our founder and CEO, David Baszucki (a.k.a. Builderman), mentioned in his keynote, more and more people are using Roblox to stay connected with their friends and loved ones. He hinted at a future where, with our automatic machine translation technology, Roblox will one day act as a universal translator, enabling people from different cultures and backgrounds to connect and learn from each other.
During his keynote, Builderman also elaborated upon our vision to build the Metaverse; the future of avatar creation on the platform (infinitely customizable avatars that allow any body, any clothing, and any animation to come together seamlessly); more personalized game discovery; and simulating large social gatherings (like concerts, graduations, conferences, etc.) with tens of thousands of participants all in one server. We’re still very early on in this journey, but if these past five months have shown us anything, it’s clear that there is a growing need for human co-experience platforms like Roblox that allow people to play, create, learn, work, and share experiences together in a safe, civil 3D immersive space.
Up next, our VP of Developer Relations, Matt Curtis (a.k.a. m4rrh3w), shared an update on all the things we’re doing to continue empowering developers to create innovative and exciting content through collaboration, support, and expertise. He also highlighted some of the impressive milestones our creator community has achieved since last year’s RDC. Here are a few key takeaways:
And lastly, our VP of Engineering, Technology, Adam Miller (a.k.a. rbadam), unveiled a myriad of cool and upcoming features developers will someday be able to sink their teeth into. We saw a glimpse of procedural skies, skinned meshes, more high-quality materials, new terrain types, more fonts in Studio, a new asset type for in-game videos, haptic feedback on mobile, real-time CSG operations, and many more awesome tools that will unlock the potential for even bigger, more immersive experiences on Roblox.

Vibin’

Despite the virtual setting, RDC just wouldn’t have been the same without any fun party activities and networking opportunities. So, we invited special guests DJ Hyper Potions and cyber mentalist Colin Cloud for some truly awesome, truly mind-bending entertainment. Yoga instructor Erin Gilmore also swung by to inspire attendees to get out of their chair and get their body moving. And of course, we even had virtual rooms dedicated to karaoke and head-to-head social games, like trivia and Pictionary.
Over on the networking side, Team Adopt Me, Red Manta, StyLiS Studios, and Summit Studios hosted a virtual booth for attendees to ask questions, submit resumes, and more. We also had a networking session where three participants would be randomly grouped together to get to know each other.

What does Roblox mean to you?

We all know how talented the Roblox community is from your creations. We’ve heard plenty of stories over the years about how Roblox has touched your lives, how you’ve made friendships, learned new skills, or simply found a place where you can be yourself. We wanted to hear more. So, we asked attendees: What does Roblox mean to you? How has Roblox connected you? How has Roblox changed your life? Then, over the course of RDC, we incorporated your responses into this awesome mural.
Created by Alece Birnbach at Graphic Recording Studio

Knowledge is power

This year’s breakout sessions included presentations from Roblox developers and staff members on the latest game development strategies, a deep dive into the Roblox engine, learning how to animate with Blender, tools for working together in teams, building performant game worlds, and the new Creator Dashboard. Dr. Michael Rich, Associate Professor at Harvard Medical School and Physician at Boston Children’s Hospital, also led attendees through a discussion on mental health and how to best take care of you and your friends’ emotional well-being, especially now during these challenging times.
Making the Dream Work with Teamwork (presented by Roblox developer Myzta)
In addition to our traditional Q&A panel with top product and engineering leaders at Roblox, we also held a special session with Builderman himself to answer the community’s biggest questions.
Roblox Product and Engineering Q&A Panel

2020 Game Jam

The Game Jam is always one of our favorite events of RDC. It’s a chance for folks to come together, flex their development skills, and come up with wildly inventive game ideas that really push the boundaries of what’s possible on Roblox. We had over 60 submissions this year—a new RDC record.
Once again, teams of up to six people from around the world had less than 24 hours to conceptualize, design, and publish a game based on the theme “2020 Vision,” all while working remotely no less! To achieve such a feat is nothing short of awe-inspiring, but as always, our dev community was more than up for the challenge. I’ve got to say, these were some of the finest creations we’ve seen.
WINNERS
Best in Show: Shapescape Created By: GhettoMilkMan, dayzeedog, maplestick, theloudscream, Brick_man, ilyannna You awaken in a strange laboratory, seemingly with no way out. Using a pair of special glasses, players must solve a series of anamorphic puzzles and optical illusions to make their escape.
Excellence in Visual Art: agn●sia Created By: boatbomber, thisfall, Elttob An obby experience unlike any other, this game is all about seeing the world through a different lens. Reveal platforms by switching between different colored lenses and make your way to the end.
Most Creative Gameplay: Visions of a perspective reality Created By: Noble_Draconian and Spathi Sometimes all it takes is a change in perspective to solve challenges. By switching between 2D and 3D perspectives, players can maneuver around obstacles or find new ways to reach the end of each level.
Outstanding Use of Tech: The Eyes of Providence Created By: Quenty, Arch_Mage, AlgyLacey, xJennyBeanx, Zomebody, Crykee This action/strategy game comes with a unique VR twist. While teams fight to construct the superior monument, two VR players can support their minions by collecting resources and manipulating the map.
Best Use of Theme: Sticker Situation Created By: dragonfrosting and Yozoh Set in a mysterious art gallery, players must solve puzzles by manipulating the environment using a magic camera and stickers. Snap a photograph, place down a sticker, and see how it changes the world.
OTHER TOP PICKS
HONORABLE MENTIONS
For the rest of the 2020 Game Jam submissions, check out the list below:
20-20 Vision | 20/20 Vision | 2020 Vision, A Crazy Perspective | 2020 Vision: Nyon | A Wild Trip! | Acuity | Best Year Ever | Better Half | Bloxlabs | Climb Stairs to 2021 | Double Vision (Team hey apple) | Eyebrawl | Eyeworm Exam | FIRE 2020 | HACKED | Hyperspective | Lucid Scream | Mystery Mansion | New Years at the Museum | New Year’s Bash | Poor Vision | Predict 2020 | RBC News | Retrovertigo | Second Wave | see no evil | Sight Fight | Sight Stealers | Spectacles Struggle | Specter Spectrum | Survive 2020 | The Lost Chicken Leg | The Outbreak | The Spyglass | Time Heist | Tunnel Vision | Virtual RDC – The Story | Vision (Team Freepunk) | Vision (Team VIP People ####) | Vision Developers Conference 2020 | Vision Is Key | Vision Perspective | Vision Racer | Visions | Zepto
And last but not least, we wanted to give a special shout out to Starboard Studios. Though they didn’t quite make it on time for our judges, we just had to include Dave’s Vision for good measure.
Thanks to everyone who participated in the Game Jam, and congrats to all those who took home the dub in each of our categories this year. As the winners of Best in Show, the developers of Shapescape will have their names forever engraved on the RDC Game Jam trophy back at Roblox HQ. Great work!

‘Til next year

And that about wraps up our coverage of the first-ever digital RDC. Thanks to all who attended! Before we go, we wanted to share a special “behind the scenes” video from the 2020 RDC photoshoot.
Check it out:
It was absolutely bonkers. Getting 350 of us all in one server was so much fun and really brought back the feeling of being together with everyone again. That being said, we can’t wait to see you all—for real this time—at RDC next year. It’s going to be well worth the wait. ‘Til we meet again, my friends.
© 2020 Roblox Corporation. All Rights Reserved.

Improving Simulation and Performance with an Advanced Physics Solver

August 05, 2020

by chefdeletat
PRODUCT & TECH
In mid-2015, Roblox unveiled a major upgrade to its physics engine: the Projected Gauss-Seidel (PGS) physics solver. For the first year, the new solver was optional and provided improved fidelity and greater performance compared to the previously used spring solver.
In 2016, we added support for a diverse set of new physics constraints, incentivizing developers to migrate to the new solver and extending the creative capabilities of the physics engine. Any new places used the PGS solver by default, with the option of reverting back to the classic solver.
We ironed out some stability issues associated with high mass differences and complex mechanisms with the introduction of the hybrid LDL-PGS solver in mid-2018. This made the old solver obsolete, and it was completely disabled in 2019, automatically migrating all places to the PGS.
In 2019, the performance was further improved using multi-threading that splits the simulation into jobs consisting of connected islands of simulating parts. We still had performance issues related to the LDL that we finally resolved in early 2020.
The physics engine is still being improved and optimized for performance, and we plan on adding new features for the foreseeable future.

Implementing the Laws of Physics

The main objective of a physics engine is to simulate the motion of bodies in a virtual environment. In our physics engine, we care about bodies that are rigid, that collide and have constraints with each other.
A physics engine is organized into two phases: collision detection and solving. Collision detection finds intersections between geometries associated with the rigid bodies, generating appropriate collision information such as collision points, normals and penetration depths. Then a solver updates the motion of rigid bodies under the influence of the collisions that were detected and constraints that were provided by the user.
The motion is the result of the solver interpreting the laws of physics, such as conservation of energy and momentum. But doing this 100% accurately is prohibitively expensive, and the trick to simulating it in real-time is to approximate to increase performance, as long as the result is physically realistic. As long as the basic laws of motion are maintained within a reasonable tolerance, this tradeoff is completely acceptable for a computer game simulation.

Taking Small Steps

The main idea of the physics engine is to discretize the motion using time-stepping. The equations of motion of constrained and unconstrained rigid bodies are very difficult to integrate directly and accurately. The discretization subdivides the motion into small time increments, where the equations are simplified and linearized making it possible to solve them approximately. This means that during each time step the motion of the relevant parts of rigid bodies that are involved in a constraint is linearly approximated.
Although a linearized problem is easier to solve, it produces drift in a simulation containing non-linear behaviors, like rotational motion. Later we’ll see mitigation methods that help reduce the drift and make the simulation more plausible.

Solving

Having linearized the equations of motion for a time step, we end up needing to solve a linear system or linear complementarity problem (LCP). These systems can be arbitrarily large and can still be quite expensive to solve exactly. Again the trick is to find an approximate solution using a faster method. A modern method to approximately solve an LCP with good convergence properties is the Projected Gauss-Seidel (PGS). It is an iterative method, meaning that with each iteration the approximate solution is brought closer to the true solution, and its final accuracy depends on the number of iterations.
This animation shows how a PGS solver changes the positions of the bodies at each step of the iteration process, the objective being to find the positions that respect the ball and socket constraints while preserving the center of mass at each step (this is a type of positional solver used by the IK dragger). Although this example has a simple analytical solution, it’s a good demonstration of the idea behind the PGS. At each step, the solver fixes one of the constraints and lets the other be violated. After a few iterations, the bodies are very close to their correct positions. A characteristic of this method is how some rigid bodies seem to vibrate around their final position, especially when coupling interactions with heavier bodies. If we don’t do enough iterations, the yellow part might be left in a visibly invalid state where one of its two constraints is dramatically violated. This is called the high mass ratio problem, and it has been the bane of physics engines as it causes instabilities and explosions. If we do too many iterations, the solver becomes too slow; if we do too few, it becomes unstable. Balancing the two sides has been a painful and long process.

Mitigation Strategies

A solver has two major sources of inaccuracies: time-stepping and iterative solving (there is also floating point drift, but it is minor compared to the first two). These inaccuracies introduce errors in the simulation, causing it to drift from the correct path. Some of this drift is tolerable, like slightly different velocities or energy loss, but some is not, like instabilities, large energy gains or dislocated constraints.
Therefore a lot of the complexity in the solver comes from the implementation of methods to minimize the impact of computational inaccuracies. Our final implementation uses some traditional and some novel mitigation strategies:
  1. Warm starting: starting with the solution from a previous time-step to increase the convergence rate of the iterative solver
  2. Post-stabilization: reprojecting the system back to the constraint manifold to prevent constraint drift
  3. Regularization: adding compliance to the constraints ensuring a solution exists and is unique
  4. Pre-conditioning: using an exact solution to a linear subsystem, improving the stability of complex mechanisms
Strategies 1, 2 and 3 are pretty traditional, but 3 has been improved and perfected by us. Also, although 4 is not unheard of, we haven’t seen any practical implementation of it. We use an original factorization method for large sparse constraint matrices and a new efficient way of combining it with the PGS. The resulting implementation is only slightly slower compared to pure PGS but ensures that the linear system coming from equality constraints is solved exactly. Consequently, the equality constraints suffer only from drift coming from the time discretization. Details on our methods are contained in my GDC 2020 presentation. Currently, we are investigating direct methods applied to inequality constraints and collisions.
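The iterative scheme described under "Solving" and the warm-starting strategy listed above, as an added worked example; this is not the Roblox solver's code. It solves a small linear complementarity problem w = A x + b, x >= 0, w >= 0, x_i w_i = 0 (the frictionless-contact form mentioned later in the article) with Projected Gauss-Seidel, then shows that seeding the next solve with the previous solution reaches the same tolerance in fewer sweeps. The function names and the tridiagonal test problem are my own constructions.

```cpp
// Added example: Projected Gauss-Seidel for an LCP, cold start versus warm start.
#include <algorithm>
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <vector>

using Matrix = std::vector<std::vector<double>>;
using Vector = std::vector<double>;

struct PgsResult {
    Vector x;        // approximate solution (e.g. contact impulses), all components >= 0
    int iterations;  // sweeps performed before the update size dropped below tol
};

// One Gauss-Seidel sweep with projection. For each unknown x_i, the i-th row of
// w = A x + b is solved for x_i with w_i = 0 while the other unknowns stay fixed, and
// the result is clamped to the feasible half-line x_i >= 0 (the "projected" part).
// Returns the largest change made to any unknown during the sweep.
double pgs_sweep(const Matrix& A, const Vector& b, Vector& x) {
    double max_delta = 0.0;
    const std::size_t n = A.size();
    for (std::size_t i = 0; i < n; ++i) {
        double rhs = b[i];
        for (std::size_t j = 0; j < n; ++j)
            if (j != i) rhs += A[i][j] * x[j];
        const double xi = std::max(0.0, -rhs / A[i][i]);
        max_delta = std::max(max_delta, std::fabs(xi - x[i]));
        x[i] = xi;
    }
    return max_delta;
}

// Sweep until successive iterates change by less than tol (or max_iter is reached).
// x0 is the starting point: zeros for a cold start, the previous time step's solution
// for a warm start.
PgsResult pgs_solve(const Matrix& A, const Vector& b, Vector x0, int max_iter, double tol) {
    int it = 0;
    while (it < max_iter) {
        ++it;
        if (pgs_sweep(A, b, x0) < tol) break;
    }
    return {x0, it};
}

// Largest violation of x >= 0, w >= 0 and x_i * w_i = 0 with w = A x + b.
double complementarity_error(const Matrix& A, const Vector& b, const Vector& x) {
    double err = 0.0;
    for (std::size_t i = 0; i < A.size(); ++i) {
        double w = b[i];
        for (std::size_t j = 0; j < A.size(); ++j) w += A[i][j] * x[j];
        err = std::max({err, -x[i], -w, std::fabs(x[i] * w)});
    }
    return err;
}

// Constructed test problem (not from the article): the symmetric positive definite
// tridiagonal matrix with 2 on the diagonal and -1 next to it. The right-hand side pushes
// the first half of the unknowns into the interior and the second half against the bound.
Matrix demo_matrix(std::size_t n) {
    Matrix A(n, Vector(n, 0.0));
    for (std::size_t i = 0; i < n; ++i) {
        A[i][i] = 2.0;
        if (i > 0) A[i][i - 1] = -1.0;
        if (i + 1 < n) A[i][i + 1] = -1.0;
    }
    return A;
}
Vector demo_rhs(std::size_t n, double scale) {
    Vector b(n);
    for (std::size_t i = 0; i < n; ++i) b[i] = (i < n / 2 ? -1.0 : 1.0) * scale;
    return b;
}

struct DemoOutcome { int cold_iterations; int warm_iterations; double cold_error; double warm_error; };

// Solve once from zeros, then solve a slightly changed problem (as the next time step
// would) both from zeros and warm-started from the first solution.
DemoOutcome run_demo() {
    const std::size_t n = 8;
    const double tol = 1e-9;
    const Matrix A = demo_matrix(n);
    const PgsResult first = pgs_solve(A, demo_rhs(n, 1.0), Vector(n, 0.0), 10000, tol);
    const Vector b_next = demo_rhs(n, 1.01);
    const PgsResult cold = pgs_solve(A, b_next, Vector(n, 0.0), 10000, tol);
    const PgsResult warm = pgs_solve(A, b_next, first.x, 10000, tol);
    return {cold.iterations, warm.iterations,
            complementarity_error(A, b_next, cold.x), complementarity_error(A, b_next, warm.x)};
}

int main() {
    const DemoOutcome d = run_demo();
    std::printf("cold start: %d sweeps (error %.2e)\nwarm start: %d sweeps (error %.2e)\n",
                d.cold_iterations, d.cold_error, d.warm_iterations, d.warm_error);
    return 0;
}
```

The clamp inside `pgs_sweep` is the whole difference between plain Gauss-Seidel and PGS: rows whose unconstrained value would go negative are held at zero (an inactive contact), and the remaining rows are iterated as an ordinary linear system. Since scaling b scales the exact solution, the warm start begins about 1% away from the answer instead of 100% away, which is why it needs fewer sweeps for the same tolerance.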

Getting More Details

Traditionally there are two mathematical models for articulated mechanisms: there are reduced coordinate methods spearheaded by Featherstone, that parametrize the degrees of freedom at each joint, and there are full coordinate methods that use a Lagrangian formulation.
We use the second formulation as it is less restrictive and requires much simpler mathematics and implementation.
The Roblox engine uses analytical methods to compute the dynamic response of constraints, as opposed to the penalty methods that were used before. Analytical methods were initially introduced in Baraff 1989, where they are used to treat both equality and non-equality constraints in a consistent manner. Baraff observed that the contact model can be formulated using quadratic programming, and he provided a heuristic solution method (which is not the method we use in our solver).
Instead of using force-based formulation, we use an impulse-based formulation in velocity space, originally introduced by Mirtich-Canny 1995 and further improved by Stewart-Trinkle 1996, which unifies the treatment of different contact types and guarantees the existence of a solution for contacts with friction. At each timestep, the constraints and collisions are maintained by applying instantaneous changes in velocities due to constraint impulses. An excellent explanation of why impulse-based simulation is superior is contained in the GDC presentation of Catto 2014.
The frictionless contacts are modeled using a linear complementarity problem (LCP) as described in Baraff 1994. Friction is added as a non-linear projection onto the friction cone, interleaved with the iterations of the Projected Gauss-Seidel.
The numerical drift that introduces positional errors in the constraints is resolved using a post-stabilization technique using pseudo-velocities introduced by Cline-Pai 2003. It involves solving a second LCP in the position space, which projects the system back to the constraint manifold.
The LCPs are solved using a PGS / Impulse Solver popularized by Catto 2005 (also see Catto 2009). This method is iterative and considers each individual constraint in sequence and resolves it independently. Over many iterations, and in ideal conditions, the system converges to a global solution.
Additionally, high mass ratio issues in equality constraints are ironed out by preconditioning the PGS using the sparse LDL decomposition of the constraint matrix of equality constraints. Dense submatrices of the constraint matrix are sparsified using a method we call Body Splitting. This is similar to the LDL decomposition used in Baraff 1996, but allows more general mechanical systems, and solves the system in constraint space. For more information, you can see my GDC 2020 presentation.
The architecture of our solver follows the idea of Guendelman-Bridson-Fedkiw, where the velocity and position stepping are separated by the constraint resolution. Our time sequencing is:
  1. Advance velocities
  2. Constraint resolution in velocity space and position space
  3. Advance positions
This scheme has the advantage of integrating only valid velocities, and limiting latency in external force application but allowing a small amount of perceived constraint violation due to numerical drift.
An excellent reference for rigid body simulation is the book Erleben 2005 that was recently made freely available. You can find online lectures about physics-based animation, a blog by Nilson Souto on building a physics engine, a very good GDC presentation by Erin Catto on modern solver methods, and forums like the Bullet Physics Forum and GameDev which are excellent places to ask questions.

In Conclusion

The field of game physics simulation presents many interesting problems that are both exciting and challenging. There are opportunities to learn a substantial amount of cool mathematics and physics and to use modern optimization techniques. It’s an area of game development that tightly marries mathematics, physics and software engineering.
Even if Roblox has a good rigid body physics engine, there are areas where it can be improved and optimized. Also, we are working on exciting new projects like fracturing, deformation, softbody, cloth, aerodynamics and water simulation.
Neither Roblox Corporation nor this blog endorses or supports any company or service. Also, no guarantees or promises are made regarding the accuracy, reliability or completeness of the information contained in this blog.
This blog post was originally published on the Roblox Tech Blog.

Using Clang to Minimize Global Variable Use

July 23, 2020

by RandomTruffle
PRODUCT & TECH
Every non-trivial program has at least some amount of global state, but too much can be a bad thing. In C++ (which constitutes close to 100% of Roblox’s engine code) this global state is initialized before main() and destroyed after returning from main(), and this happens in a mostly non-deterministic order. In addition to leading to confusing startup and shutdown semantics that are difficult to reason about (or change), it can also lead to severe instability.
Roblox code also creates a lot of long-running detached threads (threads which are never joined and just run until they decide to stop, which might be never). These two things together have a very serious negative interaction on shutdown, because long-running threads continue accessing the global state that is being destroyed. This can lead to elevated crash rates, test suite flakiness, and just general instability.
The first step to digging yourself out of a mess like this is to understand the extent of the problem, so in this post I’m going to talk about one technique you can use to gain visibility into your global startup flow. I’m also going to discuss how we are using this to improve stability across the entire Roblox game engine platform by decreasing our use of global variables.

Introducing -finstrument-functions

Nothing excites me more than learning about a new obscure compiler option that I’ve never had a use for before, so I was pretty happy when a colleague pointed me to this option in the Clang Command Line Reference. I’d never used it before, but it sounded very cool. The idea being that if we could get the compiler to tell us every time it entered and exited a function, we could filter this information through a symbolizer of some kind and generate a report of functions that a) occur before main(), and b) are the very first function in the call-stack (indicating it’s a global).
Unfortunately, the documentation basically just tells you that the option exists with no mention of how to use it or if it even actually does what it sounds like it does. There’s also two different options that sound similar to each other (-finstrument-functions and -finstrument-functions-after-inlining), and I still wasn’t entirely sure what the difference was. So I decided to throw up a quick sample on godbolt to see what happened, which you can see here. Note there are two assembly outputs for the same source listing. One uses the first option and the other uses the second option, and we can compare the assembly output to understand the differences. We can gather a few takeaways from this sample:
  1. The compiler is injecting calls to __cyg_profile_func_enter and __cyg_profile_func_exit inside of every function, inline or not.
  2. The only difference between the two options occurs at the call-site of an inline function.
  3. With -finstrument-functions, the instrumentation for the inlined function is inserted at the call-site, whereas with -finstrument-functions-after-inlining we only have instrumentation for the outer function. This means that when using -finstrument-functions-after-inlining you won’t be able to determine which functions are inlined and where.
Of course, this sounds exactly like what the documentation said it did, but sometimes you just need to look under the hood to convince yourself.
To put all of this another way, if we want to know about calls to inline functions in this trace we need to use -finstrument-functions because otherwise their instrumentation is silently removed by the compiler. Sadly, I was never able to get -finstrument-functions to work on a real example. I would always end up with linker errors deep in the Standard C++ Library which I was unable to figure out. My best guess is that inlining is often a heuristic, and this can somehow lead to subtle ODR (one-definition rule) violations when the optimizer makes different inlining decisions from different translation units. Luckily global constructors (which is what we care about) cannot possibly be inlined anyway, so this wasn’t a problem.
I suppose I should also mention that I still got tons of linker errors with -finstrument-functions-after-inlining as well, but I did figure those out. As best as I can tell, this option seems to imply --whole-archive linker semantics. Discussion of --whole-archive is outside the scope of this blog post, but suffice it to say that I fixed it by using linker groups (e.g. -Wl,--start-group and -Wl,--end-group) on the compiler command line. I was a bit surprised that we didn’t get these same linker errors without this option and still don’t totally understand why. If you happen to know why this option would change linker semantics, please let me know in the comments!

Implementing the Callback Hooks

If you’re astute, you may be wondering what in the world __cyg_profile_func_enter and __cyg_profile_func_exit are and why the program is even successfully linking in the first place without giving undefined symbol reference errors, since the compiler is apparently trying to call some function we’ve never defined. Luckily, there are some options that allow us to see inside the linker’s algorithm so we can find out where it’s getting this symbol from to begin with. Specifically, -y should tell us how the linker is resolving a given symbol. We’ll try it with a dummy program first and a symbol that we’ve defined ourselves, then we’ll try it with __cyg_profile_func_enter.
[email protected]:~/src/sandbox$ cat instr.cpp
int main() {}
[email protected]:~/src/sandbox$ clang++-9 -fuse-ld=lld -Wl,-y -Wl,main instr.cpp
/usr/bin/../lib/gcc/x86_64-linux-gnu/crt1.o: reference to main
/tmp/instr-5b6c60.o: definition of main
No surprises here. The C Runtime Library references main(), and our object file defines it. Now let’s see what happens with __cyg_profile_func_enter and -finstrument-functions-after-inlining.
[email protected]:~/src/sandbox$ clang++-9 -fuse-ld=lld -finstrument-functions-after-inlining -Wl,-y -Wl,__cyg_profile_func_enter instr.cpp
/tmp/instr-8157b3.o: reference to __cyg_profile_func_enter
/lib/x86_64-linux-gnu/libc.so.6: shared definition of __cyg_profile_func_enter
Now, we see that libc provides the definition, and our object file references it. Linking works a bit differently on Unix-y platforms than it does on Windows, but basically this means that if we define this function ourselves in our cpp file, the linker will just automatically prefer it over the shared library version. Working godbolt link without runtime output is here. So now you can kind of see where this is going, however there are still a couple of problems left to solve.
  1. We don’t want to do this for a full run of the program. We want to stop as soon as we reach main.
  2. We need a way to symbolize this trace.
The first problem is easy to solve. All we need to do is compare the address of the function being called to the address of main, and set a flag indicating we should stop tracing henceforth. (Note that taking the address of main is undefined behavior[1], but for our purposes it gets the job done, and we aren’t shipping this code, so ¯\_(ツ)_/¯). The second problem probably deserves a little more discussion though.

Symbolizing the Traces

In order to symbolize these traces, we need two things. First, we need to store the trace somewhere on persistent storage. We can’t expect to symbolize in real time with any kind of reasonable performance. You can write some C code to save the trace to some magic filename, or you can do what I did and just write it to stderr (this way you can pipe stderr to some file when you run it).
Second, and perhaps more importantly, for every address we need to write out the full path to the module the address belongs to. Your program loads many shared libraries, and in order to translate an address into a symbol, we have to know which shared library or executable the address actually belongs to. In addition, we have to be careful to write out the address of the symbol as it appears in the file on disk. When your program is running, the operating system could have loaded it anywhere in memory, and if we’re going to symbolize it after the fact we need to make sure we can still resolve it after the information about where it was loaded in memory is lost. The Linux function dladdr() gives us both pieces of information we need. A working godbolt sample with the exact implementation of our instrumentation hooks as they appear in our codebase can be found here.
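The two pieces described above (override the libc hook in your own object file and stop once main is reached; record module path plus module-relative address via dladdr() to stderr) put together as an added example. This is not the Roblox code from the post: the names tracing_stop_point, format_address, describe_address, tracing_reset, tracing_stopped, traced_records and example_callee are this example’s own. It deviates from the post in one respect: instead of comparing against the address of main, main calls a marker function as its first statement and the hook stops when that marker is entered, which avoids the undefined behaviour of taking main’s address. It also adds a re-entrancy guard, because any instrumented code the hook itself calls (a non-inlined std::string method, for instance) would otherwise recurse back into the hook.

```cpp
// Added example, not code from the Roblox post: -finstrument-functions hooks that
// record every function entered before main as "<module path>+0x<module-relative
// address>" on stderr, and stop at a marker function that main calls first.
// Build on Linux:  clang++ -finstrument-functions-after-inlining trace.cpp -ldl
// Run:             ./a.out 2>trace.txt
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          // dladdr() and Dl_info are GNU extensions
#endif
#include <dlfcn.h>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// The post compares the entered address against &main (undefined behaviour);
// here main enters this marker as its first statement instead. noinline keeps
// it a real call so that the enter hook fires for it even after inlining.
__attribute__((noinline)) void tracing_stop_point() {}

namespace {
bool g_stopped = false;  // set once tracing_stop_point() is entered
bool g_in_hook = false;  // re-entrancy guard for instrumented code the hook calls
int  g_depth   = 0;      // current call depth, drives the indentation
long g_records = 0;      // number of trace lines written so far
}

// Format a runtime address as "<module path>+0x<address relative to the module's
// load base>" into buf. The relative address is what llvm-symbolizer and
// addr2line expect, so the trace can be symbolized after the process (and its
// ASLR layout) is gone. Returns false if the address is in no loaded object.
__attribute__((no_instrument_function))
bool format_address(const void* addr, char* buf, std::size_t len) {
    Dl_info info{};
    if (dladdr(addr, &info) == 0 || info.dli_fname == nullptr) {
        std::snprintf(buf, len, "?+0x0");
        return false;
    }
    unsigned long rel = static_cast<unsigned long>(
        reinterpret_cast<std::uintptr_t>(addr) - reinterpret_cast<std::uintptr_t>(info.dli_fbase));
    std::snprintf(buf, len, "%s+0x%lx", info.dli_fname, rel);
    return true;
}

// Convenience wrapper for code running after main; deliberately not used by the
// hooks, since std::string code compiled in this file is itself instrumented.
__attribute__((no_instrument_function))
std::string describe_address(const void* addr) {
    char buf[4096];
    format_address(addr, buf, sizeof buf);
    return buf;
}

extern "C" {
// The compiler inserts calls to these at every function entry and exit. Defining
// them here makes the linker prefer ours over libc's empty ones. Both must be
// excluded from instrumentation or they would recurse into themselves.
__attribute__((no_instrument_function))
void __cyg_profile_func_enter(void* fn, void* /*call_site*/) {
    if (g_stopped || g_in_hook) return;
    if (fn == reinterpret_cast<void*>(&tracing_stop_point)) {
        g_stopped = true;    // main has started: static initialization is over
        return;
    }
    g_in_hook = true;
    char line[4096];
    format_address(fn, line, sizeof line);
    // stderr is unbuffered and usable this early; redirect it to a file when running.
    std::fprintf(stderr, "%*s%s\n", g_depth * 2, "", line);
    ++g_records;
    ++g_depth;
    g_in_hook = false;
}

__attribute__((no_instrument_function))
void __cyg_profile_func_exit(void* /*fn*/, void* /*call_site*/) {
    if (!g_stopped && !g_in_hook && g_depth > 0) --g_depth;
}
}

// State accessors; tracing_reset() is for driving the hooks by hand (tests).
__attribute__((no_instrument_function)) void tracing_reset()  { g_stopped = false; g_in_hook = false; g_depth = 0; g_records = 0; }
__attribute__((no_instrument_function)) bool tracing_stopped() { return g_stopped; }
__attribute__((no_instrument_function)) long traced_records()  { return g_records; }

// A global with a non-trivial constructor: with instrumentation on, its
// constructor (and whatever it calls) shows up in the trace before main.
struct Registry { Registry() { std::puts("global constructor ran"); } };
static Registry g_registry;

// Stand-in for an instrumented callee when driving the hooks by hand.
__attribute__((noinline)) void example_callee() {}

int main() {
    tracing_stop_point();  // everything entered before this line is in the trace
    std::printf("traced %ld function entries before main\n", traced_records());
    return 0;
}
```

Compiled without the -finstrument-functions flag the hooks are never called automatically, which is why the state accessors exist: the hooks can then be driven by hand to check that a normal entry is recorded, that entering the marker stops the trace, and that later entries are ignored.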

Putting it All Together

Now that we have a file in this format saved on disk, all we need to do is symbolize the addresses. addr2line is one option, but I went with llvm-symbolizer as I find it more robust. I wrote a Python script to parse the file and symbolize each address, then print it in the same “visual” hierarchical format that the original output file is in. There are various options for filtering the resulting symbol list so that you can clean up the output to include only things that are interesting for your case. For example, I filtered out any globals that have boost:: in their name, because I can’t exactly go rewrite boost to not use global variables.
The script isn’t as simple as you would think, because simply crawling each line and symbolizing it would be unacceptably slow (when I tried this, it took over 2 hours before I finally killed the process). This is because the same address might appear thousands of times, and there’s no reason to run llvm-symbolizer against the same address multiple times. So there’s a lot of smarts in there to pre-process the address list and eliminate duplicates. I won’t discuss the implementation in more detail because it isn’t super interesting. But I’ll do even better and provide the source!
So after all of this, we can run any one of our internal targets to get the call tree, run it through the script, and then get output like this (actual output from a Roblox process, source file information removed):
excluded_symbols = ['.*boost.*']
excluded_modules = ['/usr.*']
/usr/lib/x86_64-linux-gnu/libLLVM-9.so.1: 140 unique addresses
InterestingRobloxProcess: 38928 unique addresses
/usr/lib/x86_64-linux-gnu/libstdc++.so.6: 1 unique addresses
/usr/lib/x86_64-linux-gnu/libc++.so.1: 3 unique addresses
Printing call tree with depth 2 for 29276 global variables.
__cxx_global_var_init.5 (InterestingFile1.cpp:418:22)
  RBX::InterestingRobloxClass2::InterestingRobloxClass2() (InterestingFile2.cpp.:415:0)
__cxx_global_var_init.19 (InterestingFile2.cpp:183:34)
  (anonymous namespace)::InterestingRobloxClass2::InterestingRobloxClass2() (InterestingFile2.cpp:171:0)
__cxx_global_var_init.274 (InterestingFile3.cpp:2364:33)
  RBX::InterestingRobloxClass3::InterestingRobloxClass3()
So there you have it: the first half of the battle is over. I can run this script on every platform, compare results to understand the order in which our globals are actually initialized in practice, then slowly migrate this code out of global initializers and into main where it can be deterministic and explicit.

Future Work

It occurred to me sometime after implementing this that we could make a general purpose profiling hook that exposed some public symbols (dllexport’ed if you speak Windows), and allowed a plugin module to hook into this dynamically. This plugin module could filter addresses using whatever arbitrary logic it was interested in. One interesting use case I came up with for this is that it could look up the debug information, check if the current address maps to the constructor of a function-local static, and write out the address if so. This effectively allows us to gain a deeper understanding of the order in which our lazy statics are initialized. The possibilities are endless here.

Further Reading

If you’re interested in this kind of thing, I’ve collected a couple of my favorite references for this kind of topic.
  1. Various: The C++ Language Standard
  2. Matt Godbolt: The Bits Between the Bits: How We Get to main()
  3. Ryan O’Neill: Learning Linux Binary Analysis
  4. John R. Levine: Linkers and Loaders
  5. https://eel.is/c++draft/basic.exec#basic.start.main-3
Neither Roblox Corporation nor this blog endorses or supports any company or service. Also, no guarantees or promises are made regarding the accuracy, reliability or completeness of the information contained in this blog.
submitted by jaydenweez to u/jaydenweez

Top sites to practice hacking skills (legally)

Credit: icssindia.in
These websites let you exercise your hacking skills, whether you are a hacker, a cybersecurity professional, a pen-tester, or still a noob.
These vulnerable websites are great for developing our minds and increasing our capacity to solve problems, and new, innovative ideas come to mind while working on them. You will also face a lot of difficulties. Never give up; always try to give your best, because if you want to be a professional hacker, then you must know about the hacker attitude and …
“real hackers never give up”
There are gaping holes in almost every security system, and discovering them is also a great opportunity to discover the various tools that are needed for hacking, what the different options are, and so on. Use these websites to practice your hacking skills so you can be the best defense.
An attack is definitely the best form of defense
This applies to a lot of companies: they are hacking their own websites and even recruiting ethical hackers in an attempt to find vulnerabilities before the bad guys do. As such, ethical hacking is now a much sought-after skill.

pwnable.kr

pwnable.kr is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. The main purpose of pwnable.kr is ‘fun’. Please consider each of the challenges as a game. While playing pwnable.kr, you could learn/improve system hacking skills, but that shouldn’t be your only purpose.

pwnable.tw

Pwnable.tw is a wargame site for hackers to test and expand their binary exploiting skills.
HOW-TO
  • Try to find the vulnerabilities that exist in the challenges and exploit the remote services to get flags.
  • The flag is usually at /home/xxx/flag, but sometimes you have to get a shell to read it.
  • Most of the challenges run on Ubuntu 16.04/18.04 Docker images.
  • You can share a write-up or exploit code in your profile; only players who have also solved the same challenge are able to see them.

hack.me

Hack.me is a FREE, community-based project powered by eLearnSecurity. The community can build, host, and share vulnerable web application code for educational and research purposes. It aims to be the largest collection of “runnable” vulnerable web applications, code samples and CMSs online. (This is more of a test website, but it can still improve your hacking skills a lot!)
The platform is available without any restriction to any party interested in Web Application Security:
  • students
  • universities
  • researchers
  • penetration testers
  • web developers

CTFlearn

CTFlearn is an ethical hacking platform that enables tens of thousands to learn, practice, and compete. The main attraction, of course, is the user-submitted Problems and Challenges, which span the typical CTF categories such as Binary Exploitation, Cryptography, Reverse Engineering, Forensics, and Web attacks (XSS, SQL Injection and the like). You can also group the challenges by Popularity, level of Difficulty, and order of Appearance.

Google Gruyere

It’s not often we see the pairing of cheese and hacking, but this website is a lot like good cheese—full of holes. It also uses “cheesy” code and the entire design is cheese-based. Gruyere is a great option for beginners who want to dive into finding and exploiting vulnerabilities, but also want to learn how to play on the other side and defend against exploits.
Gruyere is written in Python, with bugs that aren’t specific to Python, and offers a substantial number of security vulnerabilities chosen to suit beginners. Some of the vulnerabilities are:
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Remote code execution
  • DoS attacks
  • Information disclosure
Gruyere code lab has divided vulnerabilities into different sections, and in each section, you will have a task to find that vulnerability. Using both black and white box hacking, you’ll need to find and exploit bugs.

Root Me

Root Me is a multilanguage security training platform and a great place for testing and advancing your hacking skills. It features over 300 challenges which are updated regularly and more than 50 virtual environments, all to provide a realistic environment. Root Me also has a passionate community of over 200,000 members, all of whom are encouraged to participate in the development of the project and earn recognition.
Different subjects covered on Root Me include:
  • Digital investigation
  • Automation
  • Breaking encryption
  • Cracking
  • Network challenges
  • SQL injection
It’s a solid platform and a great way to practice your hacking skills, although it’s not as beginner-friendly as some of the other entries on this list.

Hack The Box

Hack The Box (HTB) is an online platform allowing you to test your penetration testing skills. It contains several challenges that are constantly updated, some of them simulating real-world scenarios and some of them leaning more towards a CTF style of challenge. You should try this site out if you have an interest in network security or information security.
I suggest you try to hack your way into this website.

Hacking-Lab

Hacking-Lab is an online ethical hacking, computer network, and security challenge platform, dedicated to finding and educating cybersecurity talents. It provides the CTF (Capture The Flag) challenges for the European Cyber Security Challenge, but also hosts challenges on its own platform which anyone can take part in once registered.
Hacking-Lab provides CTF and mission-style challenges for international competitions like the European Cyber Security Challenge, and free OWASP TOP 10 online security labs. Hacking-Lab’s goal is to raise awareness towards increased education and ethics in information security.

Game of Hacks

Game of Hacks was designed to test your application hacking skills. You will be presented with vulnerable pieces of code, and your mission, if you choose to accept it, is to find which vulnerability exists in that code as quickly as possible. In the game, developers and security professionals test their application hacking skills, improve their code security know-how, and facilitate better security practices in the hope of reducing the number of vulnerabilities in their applications.
Available for desktop, tablet, and mobile, Game of Hacks presents developers with vulnerable pieces of code and challenges them to identify the application layer vulnerability as quickly as possible. It even has a two-player mode allowing head-to-head competition. Players analyze vulnerabilities including SQL injection, XSS, log forgery, path traversal, parameter tampering, and others in myriad programming languages.

OverTheWire

The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. To find out more about a certain wargame, just visit its page linked from the menu on the left. Suggested order to play the games in:
  1. Bandit
  2. Leviathan or Natas or Krypton
  3. Narnia
  4. Behemoth
  5. Utumno
  6. Maze
Each shell game has its own SSH port. Information about how to connect to each game using SSH is provided in the top left corner of the page. Keep in mind that every game uses a different SSH port.

microcorruption.com

Scattered throughout the world in locked warehouses are briefcases filled with Cy Yombinator bearer bonds that could be worth billions comma billions of dollars. You will help steal the briefcases.
Cy Yombinator has cleverly protected the warehouses with Lockitall electronic lock devices. Lockitall locks are unlockable with an app. We’ve positioned operatives near each warehouse; each is waiting for you to successfully unlock the warehouse by tricking out the locks. The Lockitall devices work by accepting Bluetooth connections from the Lockitall LockIT Pro app. We’ve done the hard work for you: we spent $15,000 on a development kit that includes remote-controlled locks for you to practice on, and reverse engineered enough of it to build a primitive debugger.
Using the debugger, you’ll be able to single-step the lock code, set breakpoints, and examine memory on your own test instance of the lock. You’ll use the debugger to find an input that unlocks the test lock, and then replay it to a real lock. It should be a milk run. Good luck. We’ll see you on a beach in St Tropez once you’re done.

XSS game

Cross-site scripting (XSS) bugs are one of the most common and dangerous types of vulnerabilities in Web applications. These nasty buggers can allow your enemies to steal or modify user data in your apps and you must learn to dispatch them, pronto!
In this training program, you will learn to find and exploit XSS bugs. You’ll use this knowledge to confuse and infuriate your adversaries by preventing such bugs from happening in your applications. There will be cake at the end of the test.

HackThis!!

HackThis!! was initially designed so that the students can be taught how to hack, and teach the students about dumps and defacement. If you are an expert hacker then for you, there are 50 levels of difficulty to offer. The website comes with a great online community to help you with hacking, and it would keep you up to date with the security news.

crackmes.one

This is a simple place where you can download crackmes to improve your reverse engineering skills. If you would like to submit a crackme or a solution to one of them, you must register. But before that, I strongly recommend that you read the FAQ.

HackThisSite

Hack This Site is a free, safe, and legal training ground for hackers to test and expand their hacking skills. HackThisSite commonly referred to as HTS, is an online hacking and security website founded by Jeremy Hammond. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.

Pentest training

Pentest training is a simple website used as a hub for information revolving around the various services we offer to help both experienced and new penetration testers practice and hone their skills. We offer a fully functioning penetration testing lab that is ever-increasing in size, complexity, and diversity. The lab has a fully functioning Windows domain with various Windows OSs. There is also a selection of Boot2Root Linux machines to practice your CTF and escalation techniques and, finally, pre-built web application training machines.

Hellbound Hackers

Hellbound Hackers provides a hands-on approach to computer security. Learn how hackers break in, and how to keep them out. It is a huge resource for computer security researchers. The website emphasizes being hands-on, and it offers you many challenges to make you the best hacker out there. It offers a variety of challenges to teach you how to identify potential vulnerabilities, and it also suggests ways to patch the vulnerabilities. The website comes with an array of tutorials and a thriving community of more than 100K registered members.

HAX.TOR

hax.tor.hu is a very old site (founded in 2006), but it still serves the purpose of learning the material. Many problems no longer function because of technology changes, since they relied on flaws in old PHP versions. Also, the player gets a free shell account to use (with web/mail hosting) on a server (with gigabit bandwidth) dedicated to security folks.
A few examples of HaX.ToR challenges:
  • Level 1. Make a nasa.gov URL display a text of my choice
  • Level 7. snifflog.txt – ngrep format
  • Level 13. PHP with a source – needs exploiting and/or -t-b thinking
  • Level 16. root:hsmfs;[email protected]
  • Level 21. Backdoor on a suspended domain
  • Level 26. PHP file manager with a source – needs more exploit
  • Level 28. telnet://hax.tor.hu:1800 – Google Word Game
  • Level 33. Defense Information Systems Agency – 209.22.99.66
  • Level 39. China Science And Technology Network
  • Level 48. .htaccess editor vs basic auth
  • Level 49. Forged DNS from the CIA

ThisIsLegal

ThisisLegal, a hacker wargames site with much more – such as forums and tutorials. The aim of the site is to help you learn and improve as much as we can and also provide a community with a chance to chat. The site is always up for suggestions for improvement and any challenge submissions or tutorial content are also welcome so please help to improve our community.
submitted by icssindia to HackingTechniques

A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals

Penetration testing and hacking tools are most often used by the security industry to test for vulnerabilities in networks and applications. Here you can find a comprehensive penetration testing and hacking tools list that covers performing penetration testing operations in every environment. Penetration testing and ethical hacking tools are an essential part of every organization’s effort to test for vulnerabilities and patch vulnerable systems.
Also read: What is Penetration Testing? How to do Penetration Testing?
Penetration Testing & Hacking Tools List
Online Resources – Hacking Tools
Penetration Testing Resources
Exploit Development
OSINT Resources
Social Engineering Resources
Lock Picking Resources
Operating Systems
Penetration Testing Distributions
  • Kali – GNU/Linux distribution designed for digital forensics and penetration testing.
  • ArchStrike – Arch GNU/Linux repository for security professionals and enthusiasts.
  • BlackArch – Arch GNU/Linux-based distribution with best Hacking Tools for penetration testers and security researchers.
  • Network Security Toolkit (NST) – Fedora-based bootable live operating system designed to provide easy access to best-of-breed open source network security applications.
  • Pentoo – Security-focused live CD based on Gentoo.
  • BackBox – Ubuntu-based distribution for penetration tests and security assessments.
  • Parrot – Distribution similar to Kali, available for multiple architectures and shipping hundreds of tools.
  • Buscador – GNU/Linux virtual machine that is pre-configured for online investigators.
  • Fedora Security Lab – provides a safe test environment to work on security auditing, forensics, system rescue, and teaching security testing methodologies.
  • The Pentesters Framework – Distro organized around the Penetration Testing Execution Standard (PTES), providing a curated collection of utilities that eliminates often unused toolchains.
  • AttifyOS – GNU/Linux distribution focused on tools useful during the Internet of Things (IoT) security assessments.
Docker for Penetration Testing
Multi-paradigm Frameworks
  • Metasploit – post-exploitation Hacking Tools for offensive security teams to help verify vulnerabilities and manage security assessments.
  • Armitage – Java-based GUI front-end for the Metasploit Framework.
  • Faraday – Multiuser integrated pentesting environment for red teams performing cooperative penetration tests, security audits, and risk assessments.
  • ExploitPack – Graphical tool for automating penetration tests that ships with many pre-packaged exploits.
  • Pupy – Cross-platform (Windows, Linux, macOS, Android) remote administration and post-exploitation tool.
Vulnerability Scanners
  • Nexpose – Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7.
  • Nessus – Commercial vulnerability management, configuration, and compliance assessment platform, sold by Tenable.
  • OpenVAS – Free software implementation of the popular Nessus vulnerability assessment system.
  • Vuls – Agentless vulnerability scanner for GNU/Linux and FreeBSD, written in Go.
Static Analyzers
  • Brakeman – Static analysis security vulnerability scanner for Ruby on Rails applications.
  • cppcheck – Extensible C/C++ static analyzer focused on finding bugs.
  • FindBugs – Free software static analyzer to look for bugs in Java code.
  • sobelow – Security-focused static analysis for the Phoenix Framework.
  • bandit – Security oriented static analyzer for Python code.
Web Scanners
  • Nikto – Noisy but fast black box web server and web application vulnerability scanner.
  • Arachni – Scriptable framework for evaluating the security of web applications.
  • w3af – Web application attack and audit framework.
  • Wapiti – Black box web application vulnerability scanner with built-in fuzzer.
  • SecApps – In-browser web application security testing suite.
  • WebReaver – Commercial, graphical web application vulnerability scanner designed for macOS.
  • WPScan – Black box WordPress vulnerability scanner.
  • cms-explorer – Reveal the specific modules, plugins, components and themes that various websites powered by content management systems are running.
  • joomscan – Joomla vulnerability scanner.
  • ACSTIS – Automated client-side template injection (sandbox escape/bypass) detection for AngularJS.
Network Tools
  • zmap – Open source network scanner that enables researchers to easily perform Internet-wide network studies.
  • nmap – Free security scanner for network exploration & security audits.
  • pig – GNU/Linux packet crafting tool.
  • scanless – Utility for using websites to perform port scans on your behalf so as not to reveal your own IP.
  • tcpdump/libpcap – Common packet analyzer that runs under the command line.
  • Wireshark – Widely-used graphical, cross-platform network protocol analyzer.
  • Network-Tools.com – Website offering an interface to numerous basic network utilities like ping, traceroute, whois, and more.
  • netsniff-ng – Swiss army knife for network sniffing.
  • Intercepter-NG – Multifunctional network toolkit.
  • SPARTA – Graphical interface offering scriptable, configurable access to existing network infrastructure scanning and enumeration tools.
  • dnschef – Highly configurable DNS proxy for pentesters.
  • DNSDumpster – Online DNS recon and search service.
  • CloudFail – Unmask server IP addresses hidden behind Cloudflare by searching old database records and detecting misconfigured DNS.
  • dnsenum – Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack and then performs reverse look-ups on the results.
  • dnsmap – Passive DNS network mapper.
  • dnsrecon – DNS enumeration script.
  • dnstracer – Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
  • passivedns-client – Library and query tool for querying several passive DNS providers.
  • passivedns – Network sniffer that logs all DNS server replies for use in a passive DNS setup.
  • Mass Scan – TCP port scanner that spews SYN packets asynchronously, scanning the entire Internet in under 5 minutes.
  • Zarp – Network attack tool centered around the exploitation of local networks.
  • mitmproxy – Interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
  • Morpheus – Automated ettercap TCP/IP hijacking tool.
  • mallory – HTTP/HTTPS proxy over SSH.
  • SSH MITM – Intercept SSH connections with a proxy; all plaintext passwords and sessions are logged to disk.
  • Netzob – Reverse engineering, traffic generation and fuzzing of communication protocols.
  • DET – Proof of concept to perform data exfiltration using either single or multiple channel(s) at the same time.
  • pwnat – Punches holes in firewalls and NATs.
  • dsniff – Collection of tools for network auditing and pentesting.
  • tgcd – Simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls.
  • smbmap – Handy SMB enumeration tool.
  • scapy – Python-based interactive packet manipulation program & library.
  • Dshell – Network forensic analysis framework.
  • Debookee – Simple and powerful network traffic analyzer for macOS.
  • Dripcap – Caffeinated packet analyzer.
  • Printer Exploitation Toolkit (PRET) – Tool for printer security testing capable of IP and USB connectivity, fuzzing, and exploitation of PostScript, PJL, and PCL printer language features.
  • Praeda – Automated multi-function printer data harvester for gathering usable data during security assessments.
  • routersploit – Open source exploitation framework similar to Metasploit but dedicated to embedded devices.
  • evilgrade – Modular framework to take advantage of poor upgrade implementations by injecting fake updates.
  • XRay – Network (sub)domain discovery and reconnaissance automation tool.
  • Ettercap – Comprehensive, mature suite for machine-in-the-middle attacks.
  • BetterCAP – Modular, portable and easily extensible MITM framework.
  • CrackMapExec – A swiss army knife for pentesting networks.
  • impacket – A collection of Python classes for working with network protocols.
Wireless Network Hacking Tools
  • Aircrack-ng – Set of tools for auditing wireless networks.
  • Kismet – Wireless network detector, sniffer, and IDS.
  • Reaver – Brute force attack against Wifi Protected Setup.
  • Wifite – Automated wireless attack tool.
  • Fluxion – Suite of automated social engineering-based WPA attacks.
Transport Layer Security Tools
  • SSLyze – Fast and comprehensive TLS/SSL configuration analyzer to help identify security misconfigurations.
  • tls_prober – Fingerprint a server’s SSL/TLS implementation.
  • testssl.sh – Command-line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
Web Exploitation
  • OWASP Zed Attack Proxy (ZAP) – Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.
  • Fiddler – Free cross-platform web debugging proxy with user-friendly companion tools.
  • Burp Suite – Integrated platform for performing security testing of web applications.
  • autochrome – Easy to install a test browser with all the appropriate settings needed for web application testing with native Burp support, from NCCGroup.
  • Browser Exploitation Framework (BeEF) – Command and control server for delivering exploits to commandeered Web browsers.
  • Offensive Web Testing Framework (OWTF) – Python-based framework for pentesting Web applications based on the OWASP Testing Guide.
  • WordPress Exploit Framework – Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
  • WPSploit – Exploit WordPress-powered websites with Metasploit.
  • SQLmap – Automatic SQL injection and database takeover tool.
  • tplmap – Automatic server-side template injection and Web server takeover tool.
  • weevely3 – Weaponized web shell.
  • Wappalyzer – Wappalyzer uncovers the technologies used on websites.
  • WhatWeb – Website fingerprinter.
  • BlindElephant – Web application fingerprinter.
  • wafw00f – Identifies and fingerprints Web Application Firewall (WAF) products.
  • fimap – Find, prepare, audit, exploit and even google automatically for LFI/RFI bugs.
  • Kadabra – Automatic LFI exploiter and scanner.
  • Kadimus – LFI scan and exploit tool.
  • liffy – LFI exploitation tool.
  • Commix – Automated all-in-one operating system command injection and exploitation tool.
  • DVCS Ripper – Rip web-accessible (distributed) version control systems: SVN/GIT/HG/BZR.
  • GitTools – Automatically find and download Web-accessible .git repositories.
  • sslstrip – Demonstration of the HTTPS stripping attacks.
  • sslstrip2 – SSLStrip version to defeat HSTS.
  • NoSQLmap – Automatic NoSQL injection and database takeover tool.
  • VHostScan – A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases, and dynamic default pages.
  • FuzzDB – Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
  • EyeWitness – Tool to take screenshots of websites, provide some server header info, and identify default credentials if possible.
  • webscreenshot – A simple script to take screenshots of the list of websites.
Hex Editors
  • HexEdit.js – Browser-based hex editing.
  • Hexinator – World’s finest (proprietary, commercial) Hex Editor.
  • Frhed – Binary file editor for Windows.
  • 0xED – Native macOS hex editor that supports plug-ins to display custom data types.
File Format Analysis Tools
  • Kaitai Struct – File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
  • Veles – Binary data visualization and analysis tool.
  • Hachoir – Python library to view and edit a binary stream as the tree of fields and tools for metadata extraction.
Read more: https://oyeitshacker.blogspot.com/2020/01/penetration-testing-hacking-tools.html
submitted by icssindia to HowToHack

Updating kernel from 5.6.19 to 5.8.0 with X1 Extreme Gen 2 (X1E2)

Summary

I was using linux-*-5.6.19-xanmod1, noticed that support for kernel 5.6 had ended, and I noticed this post.
So I decided to update.

Steps

Install the kernel packages and then reboot:
```
aptitude install linux-headers-5.8.0-xanmod2
aptitude install linux-image-5.8.0-xanmod2
reboot
```
I thought I had to do this, but I did not. I am leaving this as a note for future reference:
```
# This is to be skipped
dpkg-reconfigure nvidia-dkms-450
```
Remove old kernel packages:
```
aptitude purge linux-headers-5.6.19-xanmod1
aptitude purge linux-image-5.6.19-xanmod1
```
Above command leaves the directory /lib/modules/5.6.19-xanmod1 because I was hacking some code to use both fans on my X1E2 and apply battery charge thresholds and recalibration with TLP.
```
rm -fr /lib/modules/5.6.19-xanmod1
```

Post Update

Undervolt

UPDATE: Disabled this because I noticed Kernel 5.9.1 rejects what this program tries to do because of this?
I revised Undervolt Setting with the Reddit Post mentioned at the summary section (The details about the following file can be found at this page).
```
# /etc/systemd/system/undervolt.service
[Unit]
Description=undervolt

[Service]
Type=oneshot
ExecStart=/usr/local/src/undervolt/undervolt.py --core -150 --gpu -100 --cache -150 --uncore -50
```

acpi-call-dkms

I re-installed acpi-call-dkms for TLP (again, the details can be found on this page).
I am not sure if I still have to do this with 5.8, but Arch's website says ThinkPads need to have it.
```
# If not installed
aptitude install acpi-call-dkms

# The above package has not been maintained and fails at the post-installation step
# if your current kernel version is newer than 5.6.
# So you need to amend it a bit as follows:
cd /usr/local/src
cp -ra /usr/src/acpi-call-1.1.0 acpi-call-1.1.0-custom
cd acpi-call-1.1.0-custom
```
Amend "acpi_call.c". Find the lines having:
```
static struct file_operations proc_acpi_operations = {
```
Before:
```
static struct file_operations proc_acpi_operations = {
    .owner = THIS_MODULE,
    .read = acpi_proc_read,
    .write = acpi_proc_write,
};
```
After:
```
static const struct proc_ops proc_acpi_operations = {
    .proc_read = acpi_proc_read,
    .proc_write = acpi_proc_write,
};
```
After saving the change, compile it and install it:
```
make
# This shows some output with the word "error" and you just ignore them,
# as they are saying it failed at verifying the binary file
# - the code has been changed, so be it
make install
depmod
update-initramfs -u
```

Use "acpi-cpufreq" driver instead of "intel-pstate" driver

I do not remember why I kept using intel_pstate, but I decided to follow what the Reddit post says and use schedutil.
```
# /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash intel_pstate=disable pcie_aspm=force nvidia-drm.modeset=1"
```
```
update-grub
reboot
```

Use "schedutil" with TLP

```
CPU_SCALING_GOVERNOR_ON_AC=schedutil
CPU_SCALING_GOVERNOR_ON_BAT=schedutil
CPU_SCALING_MIN_FREQ_ON_BAT=800000
CPU_SCALING_MAX_FREQ_ON_BAT=2300000
# You would want to amend more/less
```

submitted by Interesting-Object to X1ExtremeGen2Related
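An added example, not part of the post above and not the acpi-call project's own code: the hand edit the post describes only builds on kernels 5.6 and newer, because `struct proc_ops` does not exist before 5.6. The script below checks the target kernel version and applies the same rewrite with awk, but wrapped in a `LINUX_VERSION_CODE` guard so the module source still builds against an older kernel too. The acpi_call.c fragment it operates on in the demo is constructed from the "Before" snippet in the post; the `/usr/src/acpi-call-*/` path is where the dkms package unpacks its source on the poster's setup, and the version check and guarded form are the editor's additions.

```shell
#!/bin/sh
# Added example, not from the original post. The rewrite the post describes by
# hand is applied by awk, but guarded on LINUX_VERSION_CODE so the module builds
# on kernels both before and after 5.6 (where /proc handlers moved from
# `struct file_operations` to `struct proc_ops`).

# True (exit 0) when kernel version MAJOR.MINOR is 5.6 or newer, i.e. when
# `struct proc_ops` exists. Takes a version string, defaulting to `uname -r`.
needs_proc_ops() {
    ver=${1:-$(uname -r)}
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%[!0-9]*}
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 6 ]; }; then
        return 0
    fi
    return 1
}

# Rewrite FILE in place (keeping FILE.orig). Idempotent: a file that already
# mentions proc_ops is left alone, so re-running after an update is safe.
patch_proc_ops() {
    file=$1
    if grep -q 'struct proc_ops' "$file"; then
        return 0
    fi
    cp "$file" "$file.orig"
    if grep -q '<linux/version.h>' "$file.orig"; then addinc=0; else addinc=1; fi
    awk -v addinc="$addinc" '
        NR == 1 && addinc == 1 { print "#include <linux/version.h>" }
        /^static struct file_operations proc_acpi_operations = [{]/ {
            print "#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 6, 0)"
            print "static const struct proc_ops proc_acpi_operations = {"
            print "    .proc_read = acpi_proc_read,"
            print "    .proc_write = acpi_proc_write,"
            print "};"
            print "#else"
            inblock = 1
        }
        { print }
        inblock && /^[}];/ { print "#endif"; inblock = 0 }
    ' "$file.orig" > "$file"
}

# Demo on a constructed fragment of acpi_call.c (just the struct quoted in the
# post); the real file lives under /usr/src/acpi-call-*/ on a system with the
# dkms package installed.
demo_dir=$(mktemp -d)
demo_file="$demo_dir/acpi_call.c"
printf '%s\n' \
    '#include <linux/module.h>' \
    'static struct file_operations proc_acpi_operations = {' \
    '    .owner = THIS_MODULE,' \
    '    .read = acpi_proc_read,' \
    '    .write = acpi_proc_write,' \
    '};' > "$demo_file"
patch_proc_ops "$demo_file"
cat "$demo_file"
if needs_proc_ops; then
    echo "running kernel $(uname -r) is 5.6+: the proc_ops branch will be compiled"
else
    echo "running kernel $(uname -r) is older than 5.6: the file_operations branch will be compiled"
fi
```

To use it on the real source, copy the tree as the post does, run `patch_proc_ops acpi_call.c` inside the copy, then `make && make install && depmod && update-initramfs -u`. Because the old table is kept under `#else`, the same copy can be rebuilt against a pre-5.6 kernel without undoing the patch.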

wgpu-rs and android-ndk-rs are causing a lot of headaches

OK, so I'm trying to run the hello-triangle example from wgpu-rs on Android, and it's causing a lot of issues. First, I switched the example type to a binary and added this snippet to get it to compile:
```
#[cfg(target_os = "android")]
ndk_glue::ndk_glue!(main);
```
Then, it was panicking on start because, apparently, the NativeScreen isn't ready, so I hacked in a fix for that (this snippet was placed at the very beginning of `async fn run`):
```
#[cfg(target_os = "android")]
{
    println!("Waiting for NativeScreen");
    // Spin until ndk_glue reports that the native window exists
    loop {
        match ndk_glue::native_window().as_ref() {
            Some(_) => {
                println!("NativeScreen Found:{:?}", ndk_glue::native_window());
                break;
            }
            None => (),
        }
    }
}
```
But still, it wouldn't run. So I added a couple of extra println! statements to debug further, at the ends of their respective functions in async run.
Then, I tested it both on a Pixel emulator with Android 8 and on my rooted Mi 8 with LineageOS, and unfortunately got 2 different error messages. Here are the relevant adb logcat results.
Real device:
```
I RustStdoutStderr: ------------------------RUST START------------------
I RustStdoutStderr: Waiting for NativeScreen
I RustStdoutStderr: NativeScreen Found:RwLockReadGuard { lock: RwLock { data: Some(NativeWindow { ptr: 0x73639f4010 }) } }
D vulkan : searching for layers in '/data/app/rust.example.hello_triangle-Sq7qBU-XxxSKvKk6XWtvDQ==/lib/arm64'
D vulkan : searching for layers in '/data/app/rust.example.hello_triangle-Sq7qBU-XxxSKvKk6XWtvDQ==/base.apk!/lib/arm64-v8a'
I AdrenoVK: QUALCOMM build : 033a5b0, I0e419467bc
I AdrenoVK: Build Date : 03/11/20
I AdrenoVK: Shader Compiler Version : EV031.27.05.01
I AdrenoVK: Local Branch :
I AdrenoVK: Remote Branch : refs/tags/AU_LINUX_ANDROID_LA.UM.8.3.R1.10.00.00.520.058
I AdrenoVK: Remote Branch : NONE
I AdrenoVK: Reconstruct Branch : NOTHING
I AdrenoVK: Build Config : S P 8.0.11 AArch64
I RustStdoutStderr: surface made
I RustStdoutStderr: adapter made
I RustStdoutStderr: [2020-06-18T06:37:16Z ERROR gfx_backend_vulkan] [vulkan] invalid vkGetDeviceProcAddr(0x73683eb2c0, "vkGetPhysicalDevicePresentRectanglesKHR") call
I RustStdoutStderr: device and queue made
I ActivityTaskManager: Displayed rust.example.hello_triangle/android.app.NativeActivity: +172ms
I RustStdoutStderr: shader modules made
I RustStdoutStderr: pipeline layout made
I RustStdoutStderr: pipeline made
I RustStdoutStderr: descriptor made
I RustStdoutStderr: [2020-06-18T06:37:16Z ERROR gfx_backend_vulkan] [vulkan] invalid vkGetDeviceProcAddr(0x73683eb2c0, "vkGetPhysicalDevicePresentRectanglesKHR") call
I hwservicemanager: getTransport: Cannot find entry [email protected]::IMapper/default in either framework or device manifest.
W Gralloc3: mapper 3.x is not supported
I RustStdoutStderr: swapchain made
I RustStdoutStderr: -----------------------ENTERING EVENT LOOP-----------------
```
Emulator:
```
I RustStdoutStderr: -------------------RUST START----------------------------
I RustStdoutStderr: Waiting for NativeScreen
D EGL_emulation: eglMakeCurrent: 0xa45f57a0: ver 3 0 (tinfo 0xa467ea20)
I RustStdoutStderr: NativeScreen Found:RwLockReadGuard { lock: RwLock { data: Some(NativeWindow { ptr: 0xb03ba808 }) } }
I MicroDetectionState: Should stop hotword detection immediately - false
I MicroDetector: Keeping mic open: false
I MicroDetector: #shutdownAudioWithAudioLibrary
E vulkan : invalid vkGetInstanceProcAddr(VK_NULL_HANDLE, "vkEnumerateInstanceVersion") call
D vulkan : searching for layers in '/data/app/rust.example.hello_triangle-52It2mKIndceMGQUCUmqGg==/lib/x86'
D vulkan : searching for layers in '/data/app/rust.example.hello_triangle-52It2mKIndceMGQUCUmqGg==/base.apk!/lib/x86'
I RustStdoutStderr: surface made
I RustStdoutStderr: thread '<unnamed>' panicked at 'called `Option::unwrap()` on a `None` value', examples/hello_triangle/main.rs:34:19
I RustStdoutStderr: stack backtrace:
I RustStdoutStderr: 0:
I RustStdoutStderr: 1:
I RustStdoutStderr: 2:
I RustStdoutStderr: 3:
I RustStdoutStderr: 4:
I RustStdoutStderr: 5:
I RustStdoutStderr: 6:
I RustStdoutStderr: 7:
I RustStdoutStderr: 8:
I RustStdoutStderr: 9:
I RustStdoutStderr: 10:
I RustStdoutStderr: 11:
I RustStdoutStderr: 12:
I RustStdoutStderr: 13:
I RustStdoutStderr: 14:
I RustStdoutStderr: 15:
I RustStdoutStderr: 16:
I RustStdoutStderr: 17:
I RustStdoutStderr: 18:
I RustStdoutStderr: 19:
I RustStdoutStderr: 20:
I RustStdoutStderr: 21:
I RustStdoutStderr: 22:
I RustStdoutStderr: 23:
I RustStdoutStderr: 24:
I RustStdoutStderr: 25:
I RustStdoutStderr: 26:
I RustStdoutStderr: 27:
I RustStdoutStderr: 28:
I RustStdoutStderr: 29:
I RustStdoutStderr: 30:
I RustStdoutStderr: 31:
I RustStdoutStderr: 32:
I RustStdoutStderr: note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
```
I feel completely lost atm. Can anyone explain the error, or redirect to a better place to report this bug?
submitted by TheRawMeatball to rust

Selenium Headless Getting Detected on Remote Linux(Ubuntu) vs Undetected On Mac

I am working on a white-hat side project; my intention is to scrape my own data from behind a login screen so that I can plot it :)

I am able to run the code on my local env (macOS, details below); it logs in and is able to go to the desired behind-login page.

However, when promoted to the remote Linux server (Ubuntu, details below), it fails to log in and is rerouted back to the login page.

At first I thought it was the IP/DNS registering as blacklisted, but then I ran both behind NordVPN (server: us5793) and was still getting the same result (works on local, not on remote):

*This is the same result for the local env and the remote env:*
```
IP Location: Chicago, Illinois (US)
NordVPN
64.44.80.68, 198.143.57.3
Mac OS X
Chrome 83.0.4103.97
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
1920px X 1080px
Enabled
Enabled
```


The expected result is that the function below reports success in finding the "mytrips" text within the HTML. This indicates the login was a success.

**My speculation** is one of two things:
1. The chromedriver binary responds differently to the `cdc` replacement you do in your code in my Linux env.
2. The way JavaScript is re-injected back into the code isn't working correctly in Linux.



Other found resources:
[How to inject JS and beat detection](https://intoli.com/blog/not-possible-to-block-chrome-headless/)
[Many Tests for bot indication](https://antoinevastel.com/bots)
[general chrome headless](https://arh.antoinevastel.com/bots/areyouheadless) *My code passes this for both environments*


I'm going to continue hacking away at this thing and would love to help develop a solution for this and other things moving forward :). Ideally I would love to have the equivalent of the Network tab in Inspect to debug these things.



```
Local MacOS (success) -- Login Success
sys.platform: darwin
sysname: Darwin
version: Darwin Kernel Version 19.3.0: Thu Jan 9 20:58:23 PST 2020; root:xnu-6153.81.5~1/RELEASE_X86_64
release: 19.3.0
machine: x86_64
selenium : 3.141.0
```

Tried this in Python 3.6 & 3.8. No luck on either.
```
Remote Linux (fail) -- Login Fail -- Shouldn't matter with the VPN, but this lives in AWS EC2
sys.platform: linux
sysname: Linux
version: #21~18.04.1-Ubuntu SMP Mon May 11 12:33:03 UTC 2020
release: 5.3.0-1019-aws
machine: x86_64
selenium : 3.141.0
```

Achieved running behind NordVPN with a shell script:
```
#!/bin/bash

echo "Executing Nord VPN"
nordvpn connect us5793


echo "Executing Python"
python3.8 /home/ubuntu/test.py

echo "Disconnecting VPN"
nordvpn disconnect
```



**Created a fake account for you to test on as well**


```
import os
import sys


print(f""" \n
sys.platform: {sys.platform}
sysname: {os.uname().sysname}
version: {os.uname().version}
release: {os.uname().release}
machine: {os.uname().machine}
\n
""")

import undetected_chromedriver as uc
uc.install()  # important: this must run before selenium.webdriver is imported
from selenium.webdriver import Chrome, ChromeOptions
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.common.by import By
from bs4 import BeautifulSoup

from time import sleep


class BotDriver:
    def __init__(self, username, pw, start_url, url_behind_login, headless_input=True):
        self.username = username
        self.pw = pw
        chrome_options = ChromeOptions()
        chrome_options.headless = headless_input
        chrome_options.add_argument("--incognito")
        chrome_options.add_argument('--disable-extensions')
        chrome_options.add_argument("--start-maximized")

        self.driver = Chrome(chrome_options=chrome_options)
        self.start_url = start_url
        self.url_behind_login = url_behind_login
        # Screenshot of the IP geolocation page to record which egress IP is in use
        self.driver.get('https://www.iplocation.net/')
        self.driver.get_screenshot_as_file("iplocation.png")
        self.driver.get(start_url)
        self.waitdriver = WebDriverWait(self.driver, 10)

    def get_element(self, findby, argument_to_click):
        element = self.waitdriver.until(EC.element_to_be_clickable((findby, argument_to_click)))
        return element

    def slow_keys(self, input_keys, element, speed=.2):
        # Type one character at a time to look less like automation
        for character in input_keys:
            sleep(speed)
            element.send_keys(character)
        sleep(1)

    def main(self):
        element0 = self.get_element(By.LINK_TEXT, "Sign In or Join")
        element0.click()
        element1 = self.get_element(By.XPATH, '//*[@id="user-id"]')
        element1.click()
        self.slow_keys(self.username, element1)
        element2 = self.get_element(By.XPATH, '//*[@id="password"]')
        element2.click()
        self.slow_keys(self.pw, element2)
        self.driver.get_screenshot_as_file("before_submit.png")
        element3 = self.get_element(By.XPATH, "//button[@name='submitButton']")
        element3.click()
        self.driver.get_screenshot_as_file("after_submit.png")
        sleep(3)
        # test string to find
        soup = BeautifulSoup(self.driver.page_source, 'lxml')
        test = soup.body.findAll(text='My Trips')
        if len(test) > 1:
            print(f'\n\n\n Login Success ({test} len {len(test)})\n\n\n')
        else:
            print(f'\n\n\n Login failed ({test} len {len(test)})\n\n\n')
        self.driver.get(self.url_behind_login)
        self.driver.get_screenshot_as_file("last.png")


if __name__ == "__main__":
    username = input('Enter your login email: ')
    pw = input('Enter your login pw: ')
    start_url = 'https://www.marriott.com/default.mi'
    url_behind_login = 'https://www.marriott.com/loyalty/findReservationList.mi'
    pbd = BotDriver(username, pw, start_url, url_behind_login, headless_input=True)
    pbd.main()
```
*Quick update:* I am still getting this issue. To take variables out of the equation, i.e. Ubuntu vs macOS and local vs Amazon, I'm spinning up an Ubuntu instance on an old Mac mini to see if the code can run there.
Will update on how it goes!
submitted by jkail1011 to selenium
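An added example, not code from the post above and not part of undetected_chromedriver: the closest thing to the "Network tab" the author asks for is to run identical JavaScript probes in both environments through Selenium's `execute_script`, diff the answers, and flag the values that mark a headless browser on their own. A second helper scans a chromedriver binary for the `cdc_` identifiers that the author's first speculation is about, so the two builds of the driver can be compared directly. The probe list, the tell rules, the `cdc_` regex, and the sample fingerprints and driver byte strings are the editor's constructions; `driver.execute_script` is Selenium's real API.

```python
# Added example, not part of the original post. Compare what page JavaScript sees
# in two Selenium sessions and scan a chromedriver binary for the "cdc_" markers.
import re

# JavaScript evaluated in the page via driver.execute_script(). Detection scripts
# (see the Intoli and antoinevastel links in the post) read these same properties.
PROBES = {
    "webdriver": "return navigator.webdriver",
    "userAgent": "return navigator.userAgent",
    "languages": "return JSON.stringify(navigator.languages)",
    "plugins": "return navigator.plugins.length",
    "webgl_renderer": (
        "var gl = document.createElement('canvas').getContext('webgl');"
        "if (!gl) return null;"
        "var ext = gl.getExtension('WEBGL_debug_renderer_info');"
        "return ext ? gl.getParameter(ext.UNMASKED_RENDERER_WEBGL) : null;"
    ),
    "outer_size": "return window.outerWidth + 'x' + window.outerHeight",
}

# chromedriver's injected names look like cdc_adoQpoasnfa76pfcZLmcfl_Array; the middle
# token changes between driver versions, the shape does not (the pattern is an assumption).
CDC_MARKER = re.compile(rb"cdc_[A-Za-z0-9]{16,32}_[A-Za-z]+")


def collect_fingerprint(driver):
    """Evaluate every probe in the page currently loaded in a Selenium WebDriver."""
    return {name: driver.execute_script(js) for name, js in PROBES.items()}


def diff_fingerprints(working, failing):
    """Return {probe: (working_value, failing_value)} for every probe that differs."""
    return {
        key: (working.get(key), failing.get(key))
        for key in sorted(set(working) | set(failing))
        if working.get(key) != failing.get(key)
    }


def headless_tells(fp):
    """List the values in one fingerprint that by themselves mark headless/automated Chrome."""
    tells = []
    if fp.get("webdriver") is True:
        tells.append("navigator.webdriver is true")
    if "HeadlessChrome" in str(fp.get("userAgent", "")):
        tells.append("user agent contains HeadlessChrome")
    if fp.get("languages") in ("[]", None):
        tells.append("navigator.languages is empty")
    if fp.get("plugins") == 0:
        tells.append("navigator.plugins is empty")
    if "SwiftShader" in str(fp.get("webgl_renderer", "")):
        tells.append("WebGL renderer is SwiftShader (software rendering, no GPU)")
    if fp.get("outer_size") == "0x0":
        tells.append("window.outerWidth/outerHeight are 0")
    return tells


def scan_cdc_markers(data):
    """Distinct cdc_ identifiers in chromedriver bytes; an empty list means patched."""
    return sorted({m.decode() for m in CDC_MARKER.findall(data)})


def chromedriver_cdc_markers(path):
    """Same check against a chromedriver binary on disk (e.g. the one uc.install() wrote)."""
    with open(path, "rb") as fh:
        return scan_cdc_markers(fh.read())


# Constructed sample data: a macOS desktop run and a GPU-less headless Linux run.
# The user agent is identical on purpose, as in the post's iplocation.net results.
SAMPLE_MAC = {
    "webdriver": False,
    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 "
                 "(KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36",
    "languages": '["en-US","en"]',
    "plugins": 3,
    "webgl_renderer": "Intel Iris Plus Graphics OpenGL Engine",
    "outer_size": "1920x1080",
}
SAMPLE_LINUX = dict(SAMPLE_MAC, languages="[]", plugins=0,
                    webgl_renderer="Google SwiftShader", outer_size="0x0")
# Constructed stand-ins for chromedriver binaries: one unpatched, one with the
# marker prefix renamed, which is the kind of change undetected_chromedriver makes.
SAMPLE_UNPATCHED_DRIVER = (b"\x7fELF\x00junk\x00cdc_adoQpoasnfa76pfcZLmcfl_Array\x00"
                           b"cdc_adoQpoasnfa76pfcZLmcfl_Promise\x00more junk\x00")
SAMPLE_PATCHED_DRIVER = SAMPLE_UNPATCHED_DRIVER.replace(b"cdc_", b"xyz_")

if __name__ == "__main__":
    for probe, (ok, bad) in diff_fingerprints(SAMPLE_MAC, SAMPLE_LINUX).items():
        print(f"{probe}: working={ok!r} failing={bad!r}")
    print("tells in failing environment:", headless_tells(SAMPLE_LINUX))
    print("cdc markers, unpatched:", scan_cdc_markers(SAMPLE_UNPATCHED_DRIVER))
    print("cdc markers, patched:", scan_cdc_markers(SAMPLE_PATCHED_DRIVER))
```

In practice, call `collect_fingerprint(self.driver)` right after `self.driver.get(start_url)` on both hosts, dump each result to JSON, and feed the two dicts to `diff_fingerprints`; whatever differs is the candidate the login page's bot check is keying on. Run `chromedriver_cdc_markers` against the driver binary each host actually executes to settle speculation 1 without guessing.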

