Get rid of ‘a’/newline at end of input

I’m trying to execute a buffer overflow with gdb/gdb-peda on an old CTF x64 ELF. My payload is created with Python as below:

python -c "print 'A' * 40 + '\x46\x11\x40'" 

‘\x46\x11\x40’ is the subroutine address that I want to execute.

But when I check the RIP, it is set to 0x000000000a401146. There is an ‘a’. As I understand it, this is a newline character, but I can’t figure out how to get rid of it. Can someone tell me what I am missing here? I tried without Python as well. Still, I see that additional ‘a’ at the end.

What is gmain and Input thread?

So I was running this command: sysdig evt.dir=\< and not ( ) , and there were a few results that seemed kind of strange. There are two processes, one named gmain and the other InputThread. They’re threads, so they don’t show up in top. In htop, when enabling show user threads and kernel threads, I have to take the thread IDs from sysdig and correlate them to the htop output. Some of the comm names there are Xorg, libwhisker.so.

In /proc, the IDs there are nonexistent, and ps does not show them either. Because they’re threads, they’re supposed to be in /proc/pid/task/tid. If I were to ls /proc, the directories are nonexistent, but I’m able to cd into /proc/ even though they’re not there. And also, the one that leaves me puzzled is that if I were to run sysdig and start running Firefox, the entire machine hangs.

And so the question is, is this supposed to happen? Is the use of sysdig kernel probes and a running Firefox a bad thing? Why do these process IDs that I got from sysdig not appear when I do an ls, but a cd into them works? What is gmain, which, according to only 2 relevant entries in a Google search, is a GNOME-associated process, when I’m running Xfce?

How do I input a 2D matrix when no spacing is given between adjacent elements while taking the input in C++?

Thanks for looking this over. I’m trying to take an n×n matrix as input, where the input is in the following format, for example:

4 1123 3442 5632 2444 

You see the input format; that’s my problem. I don’t want those elements to be stuck together, and C++ is reading the rows as if each row is a number, which means “cin” is reading only n elements, and I expect all n×n elements to be read separately. Pardon me if the question isn’t up to the mark, as this is my first question.

Argument in proving that function is not polynomial time in bit length of input seems faulty

I am currently solving a question that asks which of the following functions can be calculated in polynomial time:

$$n!, \binom{n}{5}, \binom{2n}{n}, n^{\lfloor \lg n \rfloor}, \lfloor \sqrt{n} \rfloor, \text{the smallest prime factor of } n, \text{the number of prime factors less than } n.$$

In proving the first one, I thought $n! \geq n$ and the input size is $\log_2 n$ so the output cannot even be written in polynomial time. So then clearly the calculation cannot be done in polynomial time.

But then I thought I must have some misunderstanding, since by that logic even just calculating $n$ from the input (that is, the identity function) should not be polynomial time. But that’s clearly not possible.

What is the problem in my thinking, and instead how should I be thinking about these?

Balance implications of these output to input luck change house rules?


What classes and approaches are helped and/or hindered by this set of house rules?

For an upcoming DnD 5e campaign I am considering two house rules, both of which substantially affect one another. The implications are far-reaching and complex enough that I am having trouble deciding what classes, techniques, and playstyles come out ahead or behind.

Rule 1: Players Roll Rule

  • When a PC is attacked, they roll a defense and add AC bonus vs a static attack (calculated as attack bonus +10)
  • When a PC casts a save spell on an NPC they roll, and add the DC bonus (static save for NPC is calculated as save+12)

Rule 2: Deck Play in Combat

  • Use a 52 card deck (without Jokers) instead of a D20 during combat rounds.
    • When initiative is rolled in combat draw 10 cards.
    • When a D20 would be rolled as part of an action (not a free action) instead you must play a card from your hand.
    • Red number cards are listed value
    • Black number cards are listed value plus 10
    • Aces are 1 (1 if red, 11 if black)
    • Royals are top of your discard minus a value. K=D-1, Q=D-2, J=D-3
      • If the top card of the discard is a royal or the discard is empty, the royal is =2
      • When the last card is played from your hand, draw back up to ten
    • When the last card is drawn from your deck, shuffle in the discard.
  • Adv and Disadv
    • Advantage is “play 1 card from your hand, and the top card of the deck, take the higher result”
    • Disadvantage is “play 1 card from your hand, and the top card of the deck, take the lower result”
  • You may take a full round action to discard your entire hand and draw up to ten.

NOTES

The title of this campaign, as pitched to the players, is “An extremely house rule heavy and experimental campaign” so they at least know what they’re in for. ^_^

Rule tweaks and alternatives sound conversationally fun, but are not quite answers.

The motivation here is to turn some output random into input random, inspired by this video: https://www.youtube.com/watch?v=dwI5b-wRLic

This is intended to embrace the “figure out the enemies’ AC/HP/attack value” aspect of some combat.

What can make input injected with JavaScript unrecognizable?

Often when I input text into a field with JavaScript (for the sake of automating form filling):

document.querySelector("#username").value = "USERNAME"; 

I encounter the following problem.

My problem

Inputted text isn’t recognized as is, so the form could not be submitted and I am asked to “fill in data in all fields” → unless I, say, delete the last (or first) character of the inputted text and then re-input that character manually myself.

A failed coping pattern

To cope with the aforementioned problem I have tried the following pattern which failed:

1) Manually mouse-click on all fields and then execute in the devtools console:

dispatchEvent(new Event("keydown")); dispatchEvent(new Event("keyup")); dispatchEvent(new Event("change")); 

true

2) Manually mouse-click on all fields again;

But I still have the same problem in many different scenarios (different websites).


My question

What can make input injected with JavaScript unrecognizable?
What makes inputted text unrecognizable in some web form fields (or web forms) and how to tackle it?

Why, in my opinion, this question is not about coding and does not belong on Stack Overflow

I am not asking for a code solution; I am asking what are the information security concepts implemented by programmers of such “defended” forms and I assume that the list of options isn’t endless and isn’t long (I think I have already covered most options).

PostgreSQL: Prevent SQL injection for like query with % input

We allow users to post content on our application. In one case, a user entered % in the title of a post, and we run a LIKE query to fetch the data from the database. Here is a snippet from the post table:

id | title                              | short_description | long_description
 1 | how many % amounts you should save | ----------        | --------------

Query we are running:

SELECT id, title from post where post.title LIKE '%string entered by user%' 

Now, if the user enters amounts, then the query works fine and returns something like:

SELECT id, title from post where post.title LIKE '%amounts%' 

and returning the desired result.

But when a user enters how many % amounts in the search field, it returns all the rows which start with how many and contain amounts in the following words, which is wrong, because the generated query is:

SELECT id, title from post where post.title LIKE '%how many % amounts%' 

Another thing is that if the user enters only %, the query returns all the results.

If we try escaping the % or other special characters, the result is way more different than it should be.

Please suggest a solution if you have any.
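
An added example (not part of the original post) of one way to handle this: escape the LIKE metacharacters in the user's term, declare the escape character in the query, and pass the pattern as a bound parameter. It uses Python's built-in `sqlite3` as an offline stand-in for PostgreSQL; the reduced `post` table, the sample rows, and the helper names `escape_like`, `search_titles` and `demo_db` are assumptions made for the illustration.

```python
import sqlite3


def escape_like(term, escape="\\"):
    """Make %, _ and the escape character itself match literally in LIKE."""
    # The escape character is handled first so the backslashes added for
    # % and _ are not escaped a second time.
    for ch in (escape, "%", "_"):
        term = term.replace(ch, escape + ch)
    return term


def search_titles(conn, term):
    # Only the two surrounding % are wildcards, and the application adds them.
    # The pattern travels as a bound parameter, never concatenated into SQL.
    pattern = "%" + escape_like(term) + "%"
    rows = conn.execute(
        # ESCAPE '\' is stated explicitly; backslash is also PostgreSQL's
        # default LIKE escape character.
        "SELECT id, title FROM post WHERE title LIKE ? ESCAPE '\\' ORDER BY id",
        (pattern,),
    )
    return [title for _id, title in rows]


def demo_db():
    # Constructed sample rows, not data from the original post.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE post (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO post (title) VALUES (?)",
        [
            ("how many % amounts you should save",),
            ("how many large amounts you should save",),
            ("discount_code rules",),
            ("discount code rules",),
        ],
    )
    return conn


if __name__ == "__main__":
    conn = demo_db()
    for term in ("amounts", "how many % amounts", "%", "discount_code"):
        print(repr(term), "->", search_titles(conn, term))
```

With a PostgreSQL driver the statement stays the same apart from the placeholder syntax; the escaping function and the `ESCAPE` clause carry over unchanged.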

Is this set semi-decidable? A set of all that M is a TM halts on all input strings w such that w

A is the set of all < M > such that M is a TM that halts on all input strings w such that w <= q(M), where q(M) is the number of states in M.

Is A semi-decidable? Is the complement of A semi-decidable?

I think A is semi-decidable. We can construct M*.

M1 = “On input < M > where M is a TM:

Simulate M on all of the strings whose length is less than q(M). If all halt, accept.”

The complement of A is not semi-decidable. But I’m not sure how to prove it.