0ld_is_g0ld is a HackTheBox challenge and a great way for beginners to familiarize themselves with PDF password cracking. If you have used Hashcat before, it's an easy win. Verifying we indeed are targeting the correct file format:

    $ file 0ld\ is\ g0ld.pdf
    0ld is g0ld.pdf: PDF document, version 1.6

We can extract the hash using… Continue reading HackTheBox 0ld_is_g0ld Write-up
The Thing about Mutable Default Arguments in Python
Yesterday I stumbled across some code like this…

    def search_children(statespace, node, start_index=0, depth=0, results=[]):
        if depth < MAX_SEARCH_DEPTH:
            n_states = len(node.states)
            if n_states > start_index:
                for j in range(start_index, n_states):
                    if node.states[j].get_current_instruction()['opcode'] == 'SSTORE':
                        results.append(node.states[j].get_current_instruction()['address'])
        ...

The semantics of the code don’t really matter here. Still spot the bug? It’s a very common Python gotcha… Continue reading The Thing about Mutable Default Arguments in Python
Low-level Debugging of Stubborn Docker Containers
A few weeks back I started contributing to the awesome Mythril project. Mythril is a security scanner for smart contracts that allows everyone to look for vulnerabilities on- and off-chain by being able to analyze raw smart contract code, as well as the actual Solidity code file. To make setting it up easier,… Continue reading Low-level Debugging of Stubborn Docker Containers
Quick Hack: Generating PDFs with Python and XeTeX
A friend of mine is following a PhD in a non-technical field. And his boss is a bully. Work mainly happens with high-level statistical analysis tools. No one knows anything about programming and most problems are solved by hand. While on a positive note this means good chances to get a student job, it also… Continue reading Quick Hack: Generating PDFs with Python and XeTeX
Converting MySQL Table Data to a Graphml File
I recently found myself in the situation where I was given access to a huge MySQL database that contained network traffic flows and IDS signature match data. As I work a lot with graph-based approaches, I needed to convert the table’s flow data into a graphml file for later visualization and analysis with scripts I… Continue reading Converting MySQL Table Data to a Graphml File
N-wise Iteration in Python
A few hours back I stumbled into a problem where I had to perform a lookahead of n elements in a list to do some calculations. The first thought: Just take the current index and get all elements until i+n. I started writing..

    for i in range(len(iterable)):

---- SNAP ---- Stop. This is awfully unpythonic.… Continue reading N-wise Iteration in Python
Parsing KMZ Track Data in Python
A few days back I stumbled across an interesting problem. I was asked to develop a solution that was doing some analysis work on geolocation data stored in KMZ format. Existing solutions like fastkml (64KB) and pykml (42KB) seemed nice at first glance, but proved to be unnecessary overhead. They’re mostly meant to manipulate… Continue reading Parsing KMZ Track Data in Python
Visualizing IP Network Graphs in Python
For some research on botnet host detection in large-scale networks, I found myself in the situation that I had to apply a set of algorithms to a huge packet dump. To comprehend an amazing paper, I started to play around with the dataset and tried to reproduce the results presented in the whitepaper. Quickly I… Continue reading Visualizing IP Network Graphs in Python
The “Pythonic” GOTO
Nope, I’m not going to join the goto war. Even though it’s shunned among developers, there are still some situations where it makes sense. A good friend of mine with a background in C recently came to me with a very simple problem that still made him scratch his head when he tried to express… Continue reading The “Pythonic” GOTO
Code Checking with Git Hooks and Flake8
We all have that special someone in our life. Someone who dares to commit and push something like this into the master-branch:

    import math, os, sys
    def test_function(one, two, three, four, five):
        from test.utils import *
        print x; print y
        if two==three and (four!=five or one!=three) and (sqrt(four)==two or sqrt(two)==one):
            return math.ldexp( one, two )…

Continue reading Code Checking with Git Hooks and Flake8