Award-Winning Literary Portal Running Since 1999 Goes on Sale!

Why are you selling this site? Focus on other activities, so allow someone else to benefit from it.

How is it monetized? Google Adsense and affiliate program links.

Does this site come with any social media accounts? Yes.

How much time does this site take to run? 10 hours a week.

What challenges are there with running this site? Updating it.

Age of site: Founded in 1999 with the name/brand LitLinks. Switched to…

Award-Winning Literary Portal Running Since 1999 Goes on Sale!

Can virut (from around 2010) infect my Mac running OS X 10.15?

My friend has an old hard drive (Windows boot drive, I think XP) that contains data (music, images, etc) that he would like to recover. The problem is that it was infected around 2009/10 with a nasty piece of malware that I suspect is a variant/instance of virut. I surmise this because there was a process called reader_s that was run by the malware that was almost impossible to kill, and the only solution we ever found was to completely reformat the drive. Some googling leads me to believe this means the malware is virut. For the sake of the question we can assume that is true.

The question is: is it even possible for the hd to infect my mac with this malware if I connect it via a sata to usb adapter?

I suppose the ‘correct’ way to extract the information is as outlined here, but I was wondering what actual risk there is of it infecting my mac if I just plug it in? I can’t find reliable information about whether the virut variant of that time could run on OS X (although I would hazard not)… on the other hand, even if it can’t execute code there, I imagine it may still be possible for infected files to spread if the files are then copied to vulnerable OSs?

Summary

  1. Can my mac become infected by this malware if I copy data (media only, no executables) to it from the infected Windows hd?
  2. Even if not, can then transferring those (media only, no executables) files from my mac to a windows machine infect that machine (assuming this is virut)?

Point Subdomain in Google Domains to Google Compute Instance running WordPress

I have installed wordpress (the bitnami multi-site version) to a compute instance from the marketplace. I’ve also recently moved my domain registration to domains.google.com. Everything is working fine with the top-level domain. I also set up a subdomain, wp.mydomain.com in the domains interface pointed to the static external IP I configured for the compute instance running wordpress. When I go to wp.mydomain.com it redirects me to http://.xip.io/.

How do I get this set up so that I stay on wp.mydomain.com instead of going to my ip address as the url?

I am seeing the error rpcinfo: can’t contact rpcbind: RPC: Remote system error – No such file or directory when running the rpcinfo command

So guys I am new to kali linux, sorry if this is a basic question but I am seeing this error message rpcinfo: can’t contact rpcbind: RPC: Remote system error – No such file or directory whenever I am running the command rpcinfo -p for NFS testing.

What is the lowest-level spell combo to give disadvantage to an enemy’s specific save, without running into follow-up concentration issues?

What I’m trying to do is debuff an enemy’s stat so that I can hit them with a “save or suck” spell like dominate monster, and be more likely to succeed.

The problem is, I’m running into concentration issues because most spells that debuff a single stat like Bestow Curse use concentration, and thus I cant use them in conjunction: The moment I cast Dominate Monster, Bestow Curse is removed.

Hex also will not work because it only impacts ability checks, and not saves.

To clarify, I am a Warlock who wants to cast powerful disabling spells only when they have a high chance of success (so typically Wisdom has to be the weakened modifier). However, I am open to answers outside of that class, as well as any spell combos that specifically function as

  1. Weakening the the ability save for the second spell without utilizing concentration, and

  2. The second spell being a powerful, one-save spell of concentration.

What spells would be the best for this kind of combo, given that only I can cast the spells?

Time complexity of code running at most summation(N) times in a loop

Let’s say I have a JavaScript loop iterating over input of size N. Let’s say all elements in N are unique, so the includes method traverses the entire output array on each loop iteration:

let out = [] for (x in N) }   if (!out.includes(x)) {     out.push(x)   } } 

The worst case runtime of the code inside the loop seems to be not O(N), but the summation of N, which is substantially faster.

Is this properly expressed as O(N^2) overall or is there a standard way to convey the faster asymptotic behavior given the fact that the output array is only of size N at the end of the loop?

Is running bash script that is taking arguments from site dialog box a good idea?

I’m building a site that will use youtubeAPI to keep track of playlist changes. In order for 3rd party to use it I would supply a dialog box in which user would type his/hers playlistID – this would be read and then put as an argument into bash script that in turn runs curl/python scripts to connect with API (ran on my machine) and another bash script that would mkdirs on my disk.

Does this potentially endanger me/my files somehow ? Can someone input some magic command that would do “rm * -f” or similar malicious endeavor ? Should I use some external server instead of my machine ?

I know nothing about security, Ive read few topics here but didnt find similar problem.

Analysis of Dijkstra algorithm’s (Lazy) running time

I’m trying to figure out the running time for a Dijkstra algorithm. All the sources I have read say that the running time is O(E * log (E)) for a lazy implementation.

But when we do the math we get O(E * (Log(E)+E*Log(E))).

Since E isn’t a constant, I don’t see how someone could reduce this to O(E * log (E).

Are we analyzing the wrong or is it possible to reduce?

        while (!minPQ.isEmpty()) { <=== O(E)             Node min = minPQ.poll(); <=== O(log(e)              for (Edge edge : graph.adj(min)) { <=== O(E)                 if (min.getId() == target.getId()) {                     // Source and Target = Same edge                     if (edgeTo.size() == 0) edgeTo.put(target, edge);                      return;                 }                  relax(edge, min, vehicle); <=== log(e) (because of add method on PQ)             }       } 

Does antivirus software detect scrceen grabbing functionality in a running program?

Let’s say a malicious actor publishes a piece of software that calls a screenshot function (e.g. Graphics.CopyFromScreen() or the UIAutomation Framework in .NET) every so often, but doesn’t notify the user of that. I download and install that software.

Assuming that the software is signed with a valid publisher certificate, I have a few questions around that:

  • Would that screengrabbing behaviour be detected by an(y) Antivirus solution?
  • If yes, do legitimate screengrabbing programs need exceptions in an antivirus program to allow that behaviour?
  • If no, will at least the exfiltration of the data be detected by the AntiVirus software? (I guess the exfiltration can happen in so many different ways that it’s a bit of an arms race to see that bytes are being sent that encapsulate/encode the screengrab and not some form of telemetry, for example)

I’ve been googling for a while but can’t seem to find anything on the topic.

Handlebars.js 4.1.1 Server Side Template Injection exploitation – running system commands with a Node.js RCE when require() is not available?

I’m currently reading the following article and trying to exploit the vulnerability (Handlebars.js 4.1.1 Server Side Template Injection):

http://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html

Sure enough, the proof of concept code works fine. Specifically, the final snippet from Matias works in my setup. However, after all those context changes, I no longer have access to the require keyword, and therefore I cannot do require('child_process').exec(), because it says require is not defined.

I tried looking for global variables in the current context which might help me, but found nothing.

I also considered copying the whole child_process library’s source code into my payload, but that’s not trivial, since the library uses other libraries and some specific variables, which are not initialized for me (primordials, for example).

In order to continue the assignment, I need to get a reverse shell on the target machine. How can I use the RCE to run system commands/get a reverse shell if I cannot use require()?