File difference hackthebox Forensics USB Challenge [on hold]

i am trying to solve hackthebox challenge “There is a sysadmin, who has been dumping all the USB events on his Linux host all the year… Recently, some bad guys managed to steal some data from his machine when they broke into the office. Can you help him to put a tail on the intruders? Note: once you find it, “crack” it.”

there are two files auth.json and syslog i think it was done by using snovvcrash/usbrip i have worked around this quite long time.

in both files there are inside [Manufact, Product, Serial]

what i have done

1) cat syslog | grep manufact >> syslogmanufact.txt

2) sed ‘4,200005!d’ auth.json >> authmanufactmanufact.txt

3) colordiff -y -W 70 jsonmanufacturer.txt manufacturersyslog.txt >> bothdifference.txt

when i compare both files are same i tough syslogmanufact.txt and authmanufactmanufact.txt should be difference but there are same

i want to find some tips thank you!!!

Thoughts on Fastly? [on hold]

First post here! I’m doing a research project on Fastly and CDNs for class and I would love to know what your thoughts are on Fastly’s products (fyi I have minimal tech background, but working knowledge of CDNs). If you could answer some of my questions below, I would greatly appreciate it!

  • Why do you/would you choose Fastly over other CDN providers such as Akamai and Cloudflare? If not, why wouldn’t you choose Fastly? Does Fastly offer compelling value/products above other offerings, or are its benefits only marginal compared to competitors’ offerings?
  • I understand Fastly differentiates itself by offering services to accompany its CDNs. How important are these additional services to your needs? Do you truly need them or just want them? I know a lot of these features are offered separately but I’m not sure how much of a benefit Fastly provides by integrating all of the features into one platform. And are they even the only ones that offer said extra features?
  • How important is the number of PoPs a provider operates? I’ve heard some say Fastly is better than Akamai, but doesn’t Akamai have ~2000 PoPs while Fastly only has ~60? How can Fastly beat Akamai on lower latency and a better product while maintaining much fewer PoPs?
  • How does Fastly compare to large cloud providers such as Amazon, Google, and Microsoft’s offerings? If they have an extraordinary product, do you think they’ll be able to continue offering a great product, or will the big dogs eventually catch up and dominate Fastly?
  • Are egress fees a major concern when using non-public cloud CDN providers?

Thank you to whoever has input!

Unable to debug my code [on hold]

Problem is MARCHA1 of Codecehf . HERE is link :https://www.codechef.com/problems/MARCHA1

IN SHORT I’LL SUMMARISE THE QUESTION : we are given n number of notes of any denominaton and m is required money . If we can find any subset of notes which sums up to m then print “YES” else “NO”

My approach was like , I stored all notes in set. Then from end value of set (since set sorts all values) , checks if m is in set then break loop and print “YES” , else if end value is less than m , update m to m minus value . and earse last element of set . this loop runs while set is not empty.
But ,on submission it shows wrong answer .

HERE IS MY CODE:

int n , m;   cin >> n >> m ; multiset< int > s ; int c ; for(int i=1;i<=n;i++){     cin >> c ;     s.insert(c); } int flag = 1 ;  while(!s.empty()){        if(s.find(m)!=s.end()){        cout << "YES" << "\n";  // if m is found break        flag = 0;        break;     }     else{         auto it = --s.end() ;         if(*it < m) m = m - *it ;         s.erase(it); // to earse last element          }     } if(flag) cout << "NO" << "\n"; 

Evil Twin without wireless adapter(monitor mode) [on hold]

I wanted to try out to do an Evil Twin attack on Kali Linux or Windows 10, but I don’t have the described hardware that’s required (wireless adapter for monitor mode etc.). What I am asking for is a method to create a “fake” hotspot from which I can grab data. I’m on a laptop (windows 10/kali linux vm) if that changes something.

Python program not working accurately [on hold]

First I wanna tell I am beginner and this is among my first program:

def square_area(side): return (side * side)

def rectangle_area(length, breadth): return (length * breadth)

def circle_area(radius): return (3.14 * radius * radius)

shape = input(“What shape’s area you wanna calculate: “)

if shape != “square” or “rectangle” or “circle”: print(“Only circle, rectangle and square.. Sorry!!”)

if shape == "square":        side = int(input("Enter side: "))     result = (square_area(side))     print(result)  elif shape == "rectangle":     length = int(input("Enter length: "))     breadth = int(input("Enter breadth: "))     result = (rectangle_area(length, breadth))     print(result)  elif shape == "circle":     radius = int(input("Enter radius: "))     result = (circle_area(radius))     print(result)  Even after typing circle or square it displays only first message ("Only circle square....") 

Why??

Unable to load Kali Linux from usb [on hold]

I am trying to triple boot my system with windows Ubuntu and Kali. I already have windows and ubuntu dual booted, but when I try loading the bootable flash drive containing Kali, it says that I need to disable secure boot. But I cannot find the secure boot option anywhere in my BIOS menu.

I have an Asus ROG GL503GE and I do have UEFI. I had installed Ubuntu without disabling secure boot thankfully but now I really do need to disable secure boot for Kali and I can’t disable it. I don’t see the flashdrive in the grub menu so as to change any code with ‘e’.

Is there an opposite class for a Witch that is generally considered the good version? [on hold]

Is there a good class counterpart for a witch? Not a white witch but a completely different class that is generally considered the ‘light’ version (where the witch is the ‘dark’ version)

Additional Info:

The motivation for the question is I am trying to create a story for my own game, so I am not really playing any specific game. I need a class that I can consider as an opposite of the witch. I know this may vary from game to game; I wanted to know what class(es) has/have been considered by games as the good opposite of a witch, whatever those games maybe.

XSS exploitation tools written in PHP/python comparable to BeEF [on hold]

I asked already a similar question. But for most it was not clear what I was asking about. Now I try my best and clarify as much as possible.

I tested XSS-exploitation tools: JSShell, BeEF, xssshell-xsstunnell and JShell. But was not satisfied (reasons below).

BeEF and co. are simply “command & control” (C&C) tools (with some extra exploits added as bonus) which obviously need to run on a public server to create a “communication channel” between an attacker and a victim. Now BeEF is written in ruby, but most websites are using PHP (79.1% in 2019) and often have also natively python installed. Many hosting providers don’t give you root access. That makes it a bit odd that someone comes to idea to write C&C in ruby or even in ASP.NET since one would expect it to be written in PHP or python.

I wanted to bypass such restrictions (if even possible?) and still (!) use it on my local machine but allow it being accessible from the the outside. Yes! By using VPN and reverse proxy: https://serverfault.com/questions/979393/hosting-files-on-local-machine-behind-a-nat-which-can-be-accessed-from-public-se But I will need to test it and as far as haven’t tested it remains an open problem for me and I will just try existing tools.

Question:

Are there any C&C tools which are comparable in quality to BeEF (since it offers many useful features which I miss in other tools which I tested so far) but written in PHP or python? Most tools which I’ve seen so far aren’t comparable in quality to BeEF or written in other scripting languages or for other platforms like Windows Server. I googled but maybe I’m overlooking something.

Because currently it appears to me that if you want to fully exploit XSS you need to rent a server which supports ruby or ASP.NET. This is absolute valid, but not far from ideal.

Trying SQL injection [on hold]

I am playing one game where i am trying to do sql injection. Point is to log in as admin(username field password field). In Url is parameter "?uid=4" which is probably vulnerable. I tried all payloads that are in burpsuite and those are 3 different results i get.
a) username field = admin
b) username field = Josh
c) username field is empty

And this is result from sqlmap

--- Parameter: uid (GET)     Type: time-based blind     Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)     Payload: uid=4 AND (SELECT 5670 FROM (SELECT(SLEEP(5)))DQVx) --- 

But i dont know how to use it to log in as admin.