I tried left-shift in Python and Lua, but get different results
lua
print(bit.lshift(1, 40)) --> 256
python
1 << 40 --> 1099511627776
That's because bit.lshift uses 32 bits (assuming this is the bitop library running under PUC Lua 5.1 / LuaJIT):
It's desirable to define semantics that work the same across all platforms. This dictates that all operations are based on the common denominator of 32 bit integers. (https://bitop.luajit.org/semantics.html#range)
so it wraps around at 2^32 thus making the result 2^(40-32) = 2^8 = 256.
whereas Python uses bigints:
$ python3
Python 3.8.10 (default, Mar 15 2022, 12:22:08)
[GCC 9.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> 1 << 128
340282366920938463463374607431768211456
>>> 1 << 256
115792089237316195423570985008687907853269984665640564039457584007913129639936
(these numbers well exceed 64-bit ints)
In Lua versions since 5.3, which have a 64 bit signed integer type, you'll get the same result:
$ lua
Lua 5.3.4 Copyright (C) 1994-2017 Lua.org, PUC-Rio
> 1 << 40
1099511627776
Workaround in 5.1: simply multiply by 2^40 instead of shifting:
$ lua5.1
> =2^40
1099511627776
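The three behaviours in this answer, emulated side by side in Python as an added example (not code from the original posts). It assumes BitOp's documented rules, namely signed 32-bit results and a shift count reduced to its low 5 bits (so a count of 40 acts as a count of 8), and the Lua 5.3 reference-manual rule that counts of 64 or more yield 0; all function names are hypothetical.

```python
# Added example: function names are hypothetical, sample values constructed.

def to_int32(x):
    """Normalize to a signed 32-bit value, the range BitOp results use."""
    x &= 0xFFFFFFFF
    return x - 0x100000000 if x & 0x80000000 else x


def bitop_lshift(x, n):
    """Emulate bit.lshift(x, n): 32-bit operand, shift count taken mod 32."""
    return to_int32((x & 0xFFFFFFFF) << (n & 31))


def lua53_lshift(x, n):
    """Emulate `x << n` on Lua 5.3+ 64-bit integers for n >= 0."""
    if n < 0:
        raise ValueError("negative counts (right shifts) are not modelled")
    if n >= 64:
        return 0  # counts >= the integer width give 0
    r = (x << n) & 0xFFFFFFFFFFFFFFFF
    return r - (1 << 64) if r & (1 << 63) else r


def compare(x, n):
    """Return the result of x << n under each of the three semantics."""
    return {
        "python_bigint": x << n,
        "lua_bitop_32": bitop_lshift(x, n),
        "lua53_int64": lua53_lshift(x, n),
    }


if __name__ == "__main__":
    # Counts chosen around the 32-bit and 64-bit boundaries.
    for count in (8, 31, 32, 40, 63, 64):
        print(count, compare(1, count))
```

Code ported between these runtimes that builds masks, sizes or offsets with shifts should be checked at counts of 31 and above, where the three results diverge.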
I have a ciphered .docx document I would like to recover and I don't remember the password. I'm trying brute-forcing it but it's taking way too long, so it's not going to be an option. However, I know the exact content of part of it (296 characters). Any help?
Unfortunately, part of the document wouldn't help.
To get to the cleartext, any cracker would still need to go through trying to crack the password hash that is exported from the document, and with your logic try to decrypt the file and interpret its content, compare it to the known cleartext. There is no such functionality, especially for specialized document formats.
Here is an example how to approach it:
Document: encrypted_doc.docx
Password: 123horse123
You will have to use office2john to export the hash to be cracked from the document.
wget https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo/run/office2john.py
python office2john.py encrypted_doc.docx > doc_pass_hash.txt
cat doc_pass_hash.txt
encrypted_doc.docx:$office$*2013*100000*256*16*e77e386a8e68462d2a0a703718febbc9*08ee275ccf4946ae0e5922e9ff3114b7*0ab5fc00964f7ed4be9e45c77a33b441b2c4874d28e4bc30f38e99bfb169fcf4
If you remember some information about the password (complexity, some chosen words if any, character set etc.), a mask attack could give you a more effective way to uncover the document.
Run hashcat --help to see which document type you are dealing with:
9700 | MS Office <= 2003 $0/$1, MD5 + RC4 | Documents
9710 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #1 | Documents
9720 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #2 | Documents
9800 | MS Office <= 2003 $3/$4, SHA1 + RC4 | Documents
9810 | MS Office <= 2003 $3, SHA1 + RC4, collider #1 | Documents
9820 | MS Office <= 2003 $3, SHA1 + RC4, collider #2 | Documents
9400 | MS Office 2007 | Documents
9500 | MS Office 2010 | Documents
9600 | MS Office 2013 | Documents
Based on what you can recall from the password, you can choose from the following:
- [ Attack Modes ] -
# | Mode
===+======
0 | Straight
1 | Combination
3 | Brute-force
6 | Hybrid Wordlist + Mask
7 | Hybrid Mask + Wordlist
Here are the options for hashcat to specify the password:
?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?h = 0123456789abcdef
?H = 0123456789ABCDEF
?s = «space»!"#$%&'()*+,-./:;<=>?#[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 - 0xff
You can also create your own dictionary, which then will be used when generating the passwords, if you remember at least part of the password. This can be the most efficient help.
So in my example, let's run a brute force attack with a mask (3 digits, 5 alphabetical characters, and another 3 digits):
hashcat -m 9600 -a 3 doc_pass_hash.txt --username -o cracked_pass.txt ?d?d?d?l?l?l?l?l?d?d?d --force
You can hit [s] for status:
[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit => s
Session..........: hashcat
Status...........: Running
Hash.Type........: MS Office 2013
Hash.Target......: $office$*2013*100000*256*16*e77e386a8e68462d2a0a703...69fcf4
Time.Started.....: Sat May 30 16:59:30 2020 (3 mins, 41 secs)
Time.Estimated...: Next Big Bang (17614 years, 157 days)
Guess.Mask.......: ?d?d?d?l?l?l?l?l?d?d?d [11]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 21 H/s (7.50ms) # Accel:128 Loops:32 Thr:1 Vec:8
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 4608/11881376000000 (0.00%)
Rejected.........: 0/4608 (0.00%)
Restore.Point....: 0/1188137600000 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:9-10 Iteration:24672-24704
Candidates.#1....: 623anane123 -> 612kerin123
As you see, this one doesn't seem to be very effective (Time.Estimated...: Next Big Bang (17614 years, 157 days)), however, adding a wordlist is a good idea:
cat wordlist.dict
dog
horse
cat
hashcat -m 9600 -a 6 doc_pass_hash.txt wordlist.dict ?d?d?d?l?l?l?l?l?d?d?d --username -o cracked_pass.txt --force
Session..........: hashcat
Status...........: Running
Hash.Type........: MS Office 2013
Hash.Target......: $office$*2013*100000*256*16*e77e386a8e68462d2a0a703...69fcf4
Time.Started.....: Sat May 30 17:15:34 2020 (1 min, 25 secs)
Time.Estimated...: Next Big Bang (734631 years, 226 days)
Guess.Base.......: File (wordlist.dict), Left Side
Guess.Mod........: Mask (?d?d?d?l?l?l?l?l?d?d?d) [11], Right Side
Guess.Queue.Base.: 1/1 (100.00%)
Guess.Queue.Mod..: 1/1 (100.00%)
Speed.#1.........: 2 H/s (0.47ms) # Accel:128 Loops:32 Thr:1 Vec:8
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 129/35644128000000 (0.00%)
Rejected.........: 0/129 (0.00%)
Restore.Point....: 0/3 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:43-44 Iteration:32000-32032
Candidates.#1....: dog360verin123 -> cat360verin123
As we see, this is not yet correct, as the candidates are generated prior to the mask. So this needs some more tweaking.
In masks you can define specific characters as well, for instance:
hashcat -m 9600 -a 3 doc_pass_hash.txt ?d?d?dhorse?d?d?d --username -o cracked_pass.txt --force
Session..........: hashcat
Status...........: Cracked
Hash.Type........: MS Office 2013
Hash.Target......: $office$*2013*100000*256*16*e77e386a8e68462d2a0a703...69fcf4
Time.Started.....: Sat May 30 17:24:32 2020 (28 secs)
Time.Estimated...: Sat May 30 17:25:00 2020 (0 secs)
Guess.Mask.......: ?d?d?dhorse?d?d?d [11]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 18 H/s (8.21ms) # Accel:128 Loops:32 Thr:1 Vec:8
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 512/1000000 (0.05%)
Rejected.........: 0/512 (0.00%)
Restore.Point....: 0/100000 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:99968-100000
Candidates.#1....: 123horse123 -> 112horse778
cat cracked_pass.txt
$office$*2013*100000*256*16*e77e386a8e68462d2a0a703718febbc9*08ee275ccf4946ae0e5922e9ff3114b7*0ab5fc00964f7ed4be9e45c77a33b441b2c4874d28e4bc30f38e99bfb169fcf4:123horse123
Cracked password at the end of the file: 123horse123
There is more to be read about rules and cracking with increased password length (--incremental) and combined attacks, but you get the idea.
Here are the official basic examples to get you started:
- [ Basic Examples ] -
Attack- | Hash- |
Mode | Type | Example command
==================+=======+==================================================================
Wordlist | $P$ | hashcat -a 0 -m 400 example400.hash example.dict
Wordlist + Rules | MD5 | hashcat -a 0 -m 0 example0.hash example.dict -r rules/best64.rule
Brute-Force | MD5 | hashcat -a 3 -m 0 example0.hash ?a?a?a?a?a?a
Combinator | MD5 | hashcat -a 1 -m 0 example0.hash example.dict example.dict
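The Progress totals in the three runs above follow directly from the mask; this added example (not part of the original answer and not hashcat code) recomputes them and the time to exhaust each keyspace, which is also how a defender can size a password policy. Function names are hypothetical, the charset sizes are those of the built-in sets listed above (with ?s counted as 33 characters), and custom charsets ?1 to ?4 are not handled.

```python
import math

# Sizes of the built-in charsets listed above (?s = space + 32 punctuation).
CHARSET_SIZES = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16,
                 "s": 33, "a": 95, "b": 256}
SECONDS_PER_YEAR = 365 * 24 * 3600


def mask_positions(mask):
    """Return the number of candidates at each position of a mask."""
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            sizes.append(1)          # literal character, e.g. "horse"
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("mask ends with a dangling '?'")
        key = mask[i + 1]
        if key == "?":
            sizes.append(1)          # "??" is a literal question mark
        elif key in CHARSET_SIZES:
            sizes.append(CHARSET_SIZES[key])
        else:
            raise ValueError(f"unsupported charset ?{key}")
        i += 2
    return sizes


def keyspace(mask, wordlist_size=1):
    """Total candidates for a mask, optionally combined with a wordlist."""
    return wordlist_size * math.prod(mask_positions(mask))


def years_to_exhaust(total, hashes_per_second):
    """Worst-case time to try every candidate at a fixed rate."""
    return total / hashes_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Masks, wordlist size and the 21 H/s rate are taken from the runs above.
    for label, mask, words in [("mask only", "?d?d?d?l?l?l?l?l?d?d?d", 1),
                               ("hybrid, 3 words", "?d?d?d?l?l?l?l?l?d?d?d", 3),
                               ("known word", "?d?d?dhorse?d?d?d", 1)]:
        total = keyspace(mask, words)
        print(f"{label}: {total} candidates, "
              f"{years_to_exhaust(total, 21):.4f} years at 21 H/s")
```

The slow rate comes from the 100000 iterations visible in the hash line, so the outcome depends almost entirely on how much of the password's structure is already known.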
I'm trying to use the line_profiler library in a Jupyter notebook with a Cython function. It is working only halfway. The result I get only consists of the first row of the function and no profiling results.
%%cython -a
# cython: linetrace=True
# cython: binding=True
# distutils: define_macros=CYTHON_TRACE_NOGIL=1
import numpy as np
cimport numpy as np
from datetime import datetime
import math

cpdef np.int64_t get_days(np.int64_t year, np.int64_t month):
    cdef np.ndarray months=np.array([31,28,31,30,31,30,31,31,30,31,30,31])
    if month==2:
        if (year%4==0 and year%100!=0) or (year%400==0):
            return 29
    return months[month-1]
For the profiling result it only shows one line of code
Timer unit: 1e-07 s
Total time: 0.0015096 s
File: .ipython\cython\_cython_magic_0154a9feed9bbd6e4f23e57d73acf50f.pyx
Function: get_days at line 15
Line #      Hits         Time  Per Hit   % Time  Line Contents
==============================================================
    15                                           cpdef np.int64_t get_days(np.int64_t year, np.int64_t month):
This can be seen as a bug in the line_profiler (if it is supposed to support Cython). To get the code of the profiled function, line_profiler reads the pyx-file and tries to extract the code with help of inspect.getblock:
...
# read pyx-file
all_lines = linecache.getlines(filename)
# try to extract body of the function starting at start_lineno:
sublines = inspect.getblock(all_lines[start_lineno-1:])
...
However, getblock knows nothing about cpdef-function, as python has only def-functions and thus yields wrong function-body (i.e. only the signature).
Workaround:
A simple workaround would be to introduce a dummy def-function, which would be a sentinel for the cpdef-function in such a way that inspect.getblock would yield the whole body of the cpdef-function + body of the sentinel function, i.e.:
%%cython
...
cpdef np.int64_t get_days(np.int64_t year, np.int64_t month):
    ...
def get_days_sentinel():
    pass
and now the report %lprun -f get_days get_days(2019,3) looks as follows:
Timer unit: 1e-06 s
Total time: 1.7e-05 s
File: XXXX.pyx
Function: get_days at line 10
Line #      Hits         Time  Per Hit   % Time  Line Contents
==============================================================
    10                                           cpdef np.int64_t get_days(np.int64_t year, np.int64_t month):
    11         1         14.0     14.0     82.4      cdef np.ndarray months=np.array([31,28,31,30,31,30,31,31,30,31,30,31])
    12         1          1.0      1.0      5.9      if month==2:
    13                                                   if (year%4==0 and year%100!=0) or (year%400==0):
    14                                                       return 29
    15         1          2.0      2.0     11.8      return months[month-1]
    16
    17                                           def get_days_sentinel():
    18                                               pass
There are still somewhat ugly trailing lines from the sentinel, but it is probably better than not seeing anything at all.
How to calculate X power Y in the unix shell script where value of Y is being supplied by a loop, e.g. Y=1 to 5. It means I would like to calculate (X^Y)
In bash you could do:
$ for i in {1..5}; do printf "$((2 ** $i))\n"; done
2
4
8
16
32
Many shells however do not support raise to power operation and in such situations you need to use bc:
$ for i in $(seq 5); do printf "%s\n" "$(echo "2 ^ $i" | bc)"; done
2
4
8
16
32
I've been trying to compile an app that uses the QtWebEngine from PyQt5. The app works as intended but it fails when compiling. I've spent a couple of days looking for a solution but so far I had no luck. I've installed python from both brew and downloading the package from its website. I've also installed PyQt5 from brew and pip3 without any luck. After running the pyinstaller script I get the "cannot find QtWebEngineProcess" error. That's fixed by copying the QtWebEngineProcess.app file into the MacOS folder. Subsequently I made sure that the info.plist file is not a symlink but the actual file. Afterwards I added the "org.qt-project.Qt.QtWebEngineCore" flag to the "CFBundleIdentifier" in the main app info.plist. This resolves the problem of not finding "QtWebEngineProcess" but it now brings the error stated below. I copied the "icudtl.dat" to the MacOS folder as well. I also tried rebuilding the dependencies with the framework itself and making sure I don't have symlinks like stated here. I'm not familiar with the install_name_tool so I'm stuck there. Any ideas? Is anyone able to compile a pyqt app using QtWebEngine at all?
Here's the error I'm facing:
[0201/130544:ERROR:icu_util.cc(162)] Invalid file descriptor to ICU data received.
[0201/130544:FATAL:content_main_runner.cc(714)] Check failed: base::i18n::InitializeICU().
0 QtWebEngineCore 0x000000010d4b62e3 _ZN15QtWebEngineCore20FilePickerController11qt_metacallEN11QMetaObject4CallEiPPv + 12132083
1 QtWebEngineCore 0x000000010d4c9809 _ZN15QtWebEngineCore20FilePickerController11qt_metacallEN11QMetaObject4CallEiPPv + 12211225
2 QtWebEngineCore 0x000000010ce7cb03 _ZN15QtWebEngineCore20FilePickerController11qt_metacallEN11QMetaObject4CallEiPPv + 5605139
3 QtWebEngineCore 0x000000010c918ee4 _ZN15QtWebEngineCore18WebContentsAdapter14faviconManagerEv + 28052
4 QtWebEngineCore 0x000000010c917f48 _ZN15QtWebEngineCore18WebContentsAdapter14faviconManagerEv + 24056
5 QtWebEngineCore 0x000000010c90e3b9 _ZN15QtWebEngineCore18WebContentsAdapterC2EPN7content11WebContentsE + 57
6 QtWebEngineWidgets 0x000000011113ce4e _ZrsR11QDataStreamR17QWebEngineHistory + 1870
7 QtWebEngineWidgets 0x000000011113ec20 _ZN14QWebEnginePageC1EP7QObject + 48
8 QtWebEngineWidgets 0x000000011114ad17 _ZN14QWebEngineView6setUrlERK4QUrl + 55
9 PyQt5.QtWebEngineWidgets.so 0x0000000111100ca3 _ZL26meth_QWebEngineView_setUrlP7_objectS0_ + 99
10 Python 0x00000001080faae9 PyCFunction_Call + 233
11 Python 0x0000000108187a81 PyEval_EvalFrameEx + 35729
12 Python 0x00000001081884fc PyEval_EvalFrameEx + 38412
13 Python 0x0000000108188e90 _PyEval_EvalCodeWithName + 2400
14 Python 0x0000000108188f97 PyEval_EvalCodeEx + 71
15 Python 0x00000001080d577a function_call + 186
16 Python 0x00000001080a28d3 PyObject_Call + 99
17 Python 0x00000001080bd9cc method_call + 140
18 Python 0x00000001080a28d3 PyObject_Call + 99
19 Python 0x00000001081184c1 slot_tp_init + 81
20 Python 0x000000010810ef44 type_call + 212
21 Python 0x00000001080a28d3 PyObject_Call + 99
22 Python 0x0000000108182b65 PyEval_EvalFrameEx + 15477
23 Python 0x0000000108188e90 _PyEval_EvalCodeWithName + 2400
24 Python 0x0000000108188ff1 PyEval_EvalCode + 81
25 Sailor 0x0000000106e52490 Sailor + 9360
26 Sailor 0x0000000106e529f9 Sailor + 10745
27 Sailor 0x0000000106e51464 Sailor + 5220
28 ??? 0x0000000000000003 0x0 + 3
Trace/BPT trap: 5
It worked for me after using this branch and adding some custom patching:
import glob
import os
import shutil


def patch_osx_app():
    """Patch .app to copy missing data and link some libs.

    See https://github.com/pyinstaller/pyinstaller/issues/2276
    """
    app_path = os.path.join('dist', 'qutebrowser.app')
    qtwe_core_dir = os.path.join('.tox', 'pyinstaller', 'lib', 'python3.6',
                                 'site-packages', 'PyQt5', 'Qt', 'lib',
                                 'QtWebengineCore.framework')
    # Copy QtWebEngineProcess.app
    proc_app = 'QtWebEngineProcess.app'
    shutil.copytree(os.path.join(qtwe_core_dir, 'Helpers', proc_app),
                    os.path.join(app_path, 'Contents', 'MacOS', proc_app))
    # Copy resources
    for f in glob.glob(os.path.join(qtwe_core_dir, 'Resources', '*')):
        dest = os.path.join(app_path, 'Contents', 'Resources')
        if os.path.isdir(f):
            # f is a full source path; keep only its last component under dest
            shutil.copytree(f, os.path.join(dest, os.path.basename(f)))
        else:
            shutil.copy(f, dest)
    # Link dependencies
    for lib in ['QtCore', 'QtWebEngineCore', 'QtQuick', 'QtQml', 'QtNetwork',
                'QtGui', 'QtWebChannel', 'QtPositioning']:
        dest = os.path.join(app_path, lib + '.framework', 'Versions', '5')
        os.makedirs(dest)
        os.symlink(os.path.join(os.pardir, os.pardir, os.pardir, 'Contents',
                                'MacOS', lib),
                   os.path.join(dest, lib))
It's some problem with the QtWebEngine. I believe that a patch exists to fix this bug.
You can see more information at https://github.com/pyinstaller/pyinstaller/issues/2566
The files:
icudtl.dat
qtwebengine_devtools_resources.pak
qtwebengine_resources.pak
qtwebengine_resources_100p.pak
qtwebengine_resources_200p.pak
need to be in .app/Contents/Resources
With escape sequences "\033[21m" is used to reset/remove bold/bright:
echo -e "Text\033[1mMore text\033[21mEnd"
must return:
TextMore textEnd
but I get
TextMore textE̲n̲d̲
As you can see, in xterm "\033[21m" changes to underline and to reset bold we need to use "\033[0m", why is this?
Is there a way to change this behavior? (maybe launching xterm with some parameter)
According to XTerm Control Sequences, SGR 21 is "doubly-underlined":
CSI Pm m Character Attributes (SGR).
Ps = 2 1 -> Doubly-underlined (ISO 6429).
Ps = 2 2 -> Normal (neither bold nor faint).
Ps = 2 3 -> Not italicized (ISO 6429).
Ps = 2 4 -> Not underlined.
Ps = 2 5 -> Steady (not blinking).
Ps = 2 7 -> Positive (not inverse).
Ps = 2 8 -> Visible, i.e., not hidden (VT300).
Ps = 2 9 -> Not crossed-out (ISO 6429).
Perhaps you intended SGR 22.
The doubly-underlined feature was implemented in xterm patch #305:
minor reorganization to implement “filler” SGR features. There are no established applications which rely upon these; some people find them amusing.
separate bits used to manage drawing state from attribute-bits.
implement SGR codes 2, 3, 9, 21 and their corresponding resets.
add configure option --disable-wide-attrs to disable the feature.