From a3d8a10f08196dafaaf5dc0f49b36fe2d77a969c Mon Sep 17 00:00:00 2001 From: Evan Pratten Date: Thu, 27 Jun 2019 17:49:37 -0400 Subject: [PATCH] pwnlink --- _posts/2019-06-27-PWNlink.md | 45 +++++ _site/all_posts.html | 171 +++++++++++++++++++ _site/feed.xml | 187 +++++++++++++++----- _site/index.html | 48 +++--- _site/random/2019/06/27/PWNlink.html | 180 ++++++++++++++++++++ _site/random/2019/06/27/Python.html | 245 +++++++++++++++++++++++++++ 6 files changed, 810 insertions(+), 66 deletions(-) create mode 100644 _posts/2019-06-27-PWNlink.md create mode 100644 _site/random/2019/06/27/PWNlink.html create mode 100644 _site/random/2019/06/27/Python.html diff --git a/_posts/2019-06-27-PWNlink.md b/_posts/2019-06-27-PWNlink.md new file mode 100644 index 0000000..27689fd --- /dev/null +++ b/_posts/2019-06-27-PWNlink.md @@ -0,0 +1,45 @@ +--- +layout: post +title: "I had some fun with a router" +description: "cleartext passwords + external management = death wish" +date: 2019-06-27 17:16:00 +categories: random +--- + +I was playing around with some D-link routers today and remembered an [ExploitDB Entry](https://www.exploit-db.com/exploits/33520) I read a while ago. Many D-link routers have a great feature that allows remote management and configuration queries. Interestingly, this cannot be disabled, and one of the pages contains a cleartext version of the admin password (yay!). + +## How to get yourself an admin password +On any supported router, make an HTTP request to `http://your.router.ip.addr/tools_admin.asp/`. This will return a pretty large XML file containing information about your router's hardware and configuration. + +Notice the fact that you did not have to log in. This is due to the fact that this file seems to be used by a remote management service of some sort. + +The important thing to note here is that, when parsed with the regex pattern: `name="user_password_tmp" value="(.*)">`, you get a single string. This string is the admin password of the device. + +## Supported routers +This is supported by many D-link routers. The ones I know about are: + - DIR-835 + - DIR-855L + - DGL-5500 + +Some routers have this XML file, but it is restricted... By a user without a password. These are: + - DHP-1565 + - DIR-652 + +## PWNlink +Like everything I play with, I made a script to do this all for me (and spent a large amount of time adding colours to the text). + +My script is called PWNlink (PWN + D-link), It automatically finds a router on your network by looking for a specific DNS entry created by many D-link routers, then checking your gateway. Next, PWNlink reads you router's `hnap1` config to find it's model number. If supported, the script will read and parse the appropriate configs to give you the admin credentials for your router. + +PWNlink can be installed on any *nix computer that has both `python3.7` and `python3-pip` installed. To install PWNlink, run: +``` +pip3 install pwnlink +``` + +Run the script without any arguments for automatic detection, or pass any IP address to use manual detection. + +## Disclamier thingy +I don't see much point to these, but I should probably put one anyways. + +**Don't be dumb with this script.** + +I have only used it on my own (or 5024's) routers, and did not create PWNlink with any malicious intent. \ No newline at end of file diff --git a/_site/all_posts.html b/_site/all_posts.html index 835df6c..ef09a58 100644 --- a/_site/all_posts.html +++ b/_site/all_posts.html @@ -81,6 +81,177 @@
+ +

I had some fun with a router

+ + + + +
+ + + + + +

Hunting snakes with a shotgun

+ + + + +
+ + + +

BashSmash

diff --git a/_site/feed.xml b/_site/feed.xml index 26c2782..369a2d2 100644 --- a/_site/feed.xml +++ b/_site/feed.xml @@ -1,4 +1,147 @@ -Jekyll2019-06-26T22:13:34-04:00http://localhost:4000/feed.xmlEvan PrattenComputer wizard, student, <a href="https://github.com/frc5024">@frc5024</a> programming team lead, and radio enthusiast.BashSmash2019-06-26T11:48:00-04:002019-06-26T11:48:00-04:00http://localhost:4000/random/2019/06/26/BashSmash<p>I was watching this great <a href="https://www.google.com/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=1&amp;cad=rja&amp;uact=8&amp;ved=2ahUKEwiOhNze_4fjAhUiB50JHR12D8AQwqsBMAB6BAgJEAQ&amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D6D1LnMj0Yt0&amp;usg=AOvVaw2nOgft0SoPZujc9js9Vxhx">Liveoverflow video</a> yesterday, and really liked the idea of building escape sequences with strings. So, I built a new tool, <a href="https://pypi.org/project/bashsmash/">BashSmash</a>.</p> +Jekyll2019-06-27T17:46:56-04:00http://localhost:4000/feed.xmlEvan PrattenComputer wizard, student, <a href="https://github.com/frc5024">@frc5024</a> programming team lead, and radio enthusiast.I had some fun with a router2019-06-27T13:16:00-04:002019-06-27T13:16:00-04:00http://localhost:4000/random/2019/06/27/PWNlink<p>I was playing around with some D-link routers today and remembered an <a href="https://www.exploit-db.com/exploits/33520">ExploitDB Entry</a> I read a while ago. Many D-link routers have a great feature that allows remote management and configuration queries. Interestingly, this cannot be disabled, and one of the pages contains a cleartext version of the admin password (yay!).</p> + +<h2 id="how-to-get-yourself-an-admin-password">How to get yourself an admin password</h2> +<p>On any supported router, make an HTTP request to <code class="highlighter-rouge">http://your.router.ip.addr/tools_admin.asp/</code>. This will return a pretty large XML file containing information about your router’s hardware and configuration.</p> + +<p>Notice the fact that you did not have to log in. This is due to the fact that this file seems to be used by a remote management service of some sort.</p> + +<p>The important thing to note here is that, when parsed with the regex pattern: <code class="highlighter-rouge">name="user_password_tmp" value="(.*)"&gt;</code>, you get a single string. This string is the admin password of the device.</p> + +<h2 id="supported-routers">Supported routers</h2> +<p>This is supported by many D-link routers. The ones I know about are:</p> +<ul> + <li>DIR-835</li> + <li>DIR-855L</li> + <li>DGL-5500</li> +</ul> + +<p>Some routers have this XML file, but it is restricted… By a user without a password. These are:</p> +<ul> + <li>DHP-1565</li> + <li>DIR-652</li> +</ul> + +<h2 id="pwnlink">PWNlink</h2> +<p>Like everything I play with, I made a script to do this all for me (and spent a large amount of time adding colours to the text).</p> + +<p>My script is called PWNlink (PWN + D-link), It automatically finds a router on your network by looking for a specific DNS entry created by many D-link routers, then checking your gateway. Next, PWNlink reads you router’s <code class="highlighter-rouge">hnap1</code> config to find it’s model number. If supported, the script will read and parse the appropriate configs to give you the admin credentials for your router.</p> + +<p>PWNlink can be installed on any *nix computer that has both <code class="highlighter-rouge">python3.7</code> and <code class="highlighter-rouge">python3-pip</code> installed. To install PWNlink, run:</p> +<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>pip3 install pwnlink +</code></pre></div></div> + +<p>Run the script without any arguments for automatic detection, or pass any IP address to use manual detection.</p> + +<h2 id="disclamier-thingy">Disclamier thingy</h2> +<p>I don’t see much point to these, but I should probably put one anyways.</p> + +<p><strong>Don’t be dumb with this script.</strong></p> + +<p>I have only used it on my own (or 5024’s) routers, and did not create PWNlink with any malicious intent.</p>I was playing around with some D-link routers today and remembered an ExploitDB Entry I read a while ago. Many D-link routers have a great feature that allows remote management and configuration queries. Interestingly, this cannot be disabled, and one of the pages contains a cleartext version of the admin password (yay!).Hunting snakes with a shotgun2019-06-27T03:00:00-04:002019-06-27T03:00:00-04:00http://localhost:4000/random/2019/06/27/Python<p>A rather large number of people know me as “the guy who does weird things with python”. I would object to this title, but it is quite accurate. So, here are some of the things I like playing with in python. None of these are actually breaking the language, just little known facts and syntax. At some point I will share about actually breaking the language. For now, enjoy the weird things I have found over the past 6 years.</p> + +<h2 id="type-hints">Type hints</h2> +<p>A little known feature of python is called “type hinting” (PEP 484). This is actually quite common to see in standard libraries, and has it’s own special syntax:</p> +<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># Here is a regular function +</span><span class="k">def</span> <span class="nf">meep</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span> + <span class="k">return</span> <span class="n">a</span><span class="o">*</span><span class="n">b</span><span class="o">^</span><span class="mi">2</span> + +<span class="c1"># This function has no real reason to exsist, and is lacking any sort of documentation. +# Let's add a docstring to explain what it does +</span> +<span class="k">def</span> <span class="nf">meep</span><span class="p">(</span><span class="n">a</span><span class="p">,</span> <span class="n">b</span><span class="p">):</span> + <span class="s">""" This function returns the result of a times b squared """</span> + <span class="k">return</span> <span class="n">a</span><span class="o">*</span><span class="n">b</span><span class="o">^</span><span class="mi">2</span> + +<span class="c1"># Ok. The docstring explains the function, but is not too helpful +# what are a and b? what does this return? +# For all we know, a could actually be a string (in which case, this function would return a string) +# Let's fix that up with a type hint +</span> +<span class="k">def</span> <span class="nf">meep</span><span class="p">(</span><span class="n">a</span><span class="p">:</span> <span class="nb">int</span><span class="p">,</span> <span class="n">b</span><span class="p">:</span> <span class="nb">int</span><span class="p">):</span> + <span class="s">""" This function returns the result of a times b squared """</span> + <span class="k">return</span> <span class="n">a</span><span class="o">*</span><span class="n">b</span><span class="o">^</span><span class="mi">2</span> + +<span class="c1"># Thanks to the :int (called a type hint in case you didn't notice that yet), we now know that this function expects two ints. +# Now, to finish this up with a secondary type hint to specify the return type +</span><span class="k">def</span> <span class="nf">meep</span><span class="p">(</span><span class="n">a</span><span class="p">:</span> <span class="nb">int</span><span class="p">,</span> <span class="n">b</span><span class="p">:</span> <span class="nb">int</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> + <span class="s">""" This function returns the result of a times b squared """</span> + <span class="k">return</span> <span class="n">a</span><span class="o">*</span><span class="n">b</span><span class="o">^</span><span class="mi">2</span> + +<span class="c1"># There. Now we can clearly see that this function takes too ints, and returns one int. +# If only this was a requirement in the language. So many headaches could be solved. +</span></code></pre></div></div> + +<p>Now, keep in mind that this is called a type <em>hint</em>. The python compiler (yes.. Give me a second for that one) does not actually care if you obey the hint or not. Feel free to send incorrect data into a hinted function and see what you can break. Critical functions should both hint and check the data types being provided.</p> + +<h2 id="type-declarations">Type declarations</h2> +<p>Just like type hints for functions, python has hints for variables too.</p> +<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># A regular variable. Must be declared with an initial value +</span><span class="n">my_state</span> <span class="o">=</span> <span class="bp">None</span> + +<span class="c1"># my_state is None, as it has not been set, but needs to exist. +# Let's assume that my_state is to be a state: +</span><span class="k">class</span> <span class="nc">State</span><span class="p">:</span> + <span class="n">status</span> <span class="o">=</span> <span class="bp">False</span> + <span class="k">def</span> <span class="nf">toggle</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="bp">self</span><span class="o">.</span><span class="n">status</span> <span class="o">!=</span> <span class="bp">self</span><span class="o">.</span><span class="n">status</span> + +<span class="c1"># Finally, its time to set the state to something useful +</span><span class="n">my_state</span> <span class="o">=</span> <span class="n">State</span><span class="p">()</span> +<span class="n">my_state</span><span class="o">.</span><span class="n">toggle</span><span class="p">()</span> + +<span class="c1"># Ok.. I hate this. Let's start by using type declarations first +# Any variable can be un-initialized and just have a type. Like so: +</span><span class="n">my_state</span><span class="p">:</span> <span class="n">State</span> + +<span class="c1"># This works for anything +</span><span class="n">is_alive</span><span class="p">:</span> <span class="nb">bool</span> +<span class="n">age</span><span class="p">:</span> <span class="nb">int</span> +<span class="n">name</span><span class="p">:</span> <span class="nb">str</span> + +<span class="c1"># Now, with this new knowledge, let's rewrite State +</span><span class="k">class</span> <span class="nc">State</span><span class="p">:</span> + <span class="n">status</span><span class="p">:</span> <span class="nb">bool</span> + <span class="k">def</span> <span class="nf">toggle</span><span class="p">(</span><span class="bp">self</span><span class="p">:</span> <span class="n">State</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> + <span class="bp">self</span><span class="o">.</span><span class="n">status</span> <span class="o">!=</span> <span class="bp">self</span><span class="o">.</span><span class="n">status</span> + +<span class="c1"># And initialize my_state with slightly different syntax +</span><span class="n">my_state</span> <span class="o">=</span> <span class="n">State</span><span class="p">(</span><span class="n">status</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> +</code></pre></div></div> + +<p>I have not found much use for this yet. Hopefully there is something cool to use it for.</p> + +<h2 id="one-line-functions">One-line functions</h2> +<p>This is more common knowlage. A function can be declared in one line</p> +<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># Here is an adder function +</span><span class="k">def</span> <span class="nf">adder1</span><span class="p">(</span><span class="n">a</span><span class="p">:</span><span class="nb">int</span><span class="p">,</span> <span class="n">b</span><span class="p">:</span><span class="nb">int</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> + <span class="k">return</span> <span class="n">a</span><span class="o">+</span><span class="n">b</span> + +<span class="c1"># Here is a one-line adder function +</span><span class="n">adder2</span> <span class="o">=</span> <span class="k">lambda</span> <span class="n">a</span><span class="p">,</span><span class="n">b</span> <span class="p">:</span> <span class="n">a</span><span class="o">+</span><span class="n">b</span> + +<span class="c1"># State from above can be compacted further: +</span><span class="k">class</span> <span class="nc">State</span><span class="p">:</span> + <span class="n">status</span><span class="p">:</span> <span class="nb">bool</span> + <span class="n">toggle</span> <span class="o">=</span> <span class="k">lambda</span> <span class="bp">self</span><span class="p">:</span> <span class="bp">self</span><span class="o">.</span><span class="n">status</span> <span class="o">!=</span> <span class="bp">self</span><span class="o">.</span><span class="n">status</span> +</code></pre></div></div> + +<h2 id="ternary-operations">Ternary operations</h2> +<p>On the trend of one-line code, We have the one-line if/else, also known as a Ternary in more sensible languages.</p> +<div class="language-python highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c1"># Here is an if/else +</span><span class="k">if</span> <span class="mi">100</span> <span class="ow">is</span> <span class="mi">5</span><span class="p">:</span> + <span class="k">print</span><span class="p">(</span><span class="s">"The world has ended"</span><span class="p">)</span> +<span class="k">else</span><span class="p">:</span> + <span class="k">print</span><span class="p">(</span><span class="s">"All is good"</span><span class="p">)</span> + +<span class="c1"># Here is a smaller if/else +</span><span class="k">print</span><span class="p">(</span><span class="s">"The world has ended"</span> <span class="k">if</span> <span class="mi">100</span> <span class="ow">is</span> <span class="mi">5</span> <span class="k">else</span> <span class="s">"All is good"</span><span class="p">)</span> +</code></pre></div></div> + +<h2 id="compiled-python">Compiled python</h2> +<p>This one is interesting. Python, like Java, is compiled into bytecode. So yes, it technically is a compiled language. To see said bytecode, take a look at any <code class="highlighter-rouge">.pyc</code> file sitting in your <code class="highlighter-rouge">__pycache__</code></p> + +<h2 id="blog-formatting-experiments">Blog formatting experiments</h2> +<p>I am still playing with post formats, and various types of content. This is more random than I usually prefer. Let me know your thoughts on the social media platform of your choosing.</p>A rather large number of people know me as “the guy who does weird things with python”. I would object to this title, but it is quite accurate. So, here are some of the things I like playing with in python. None of these are actually breaking the language, just little known facts and syntax. At some point I will share about actually breaking the language. For now, enjoy the weird things I have found over the past 6 years.BashSmash2019-06-26T11:48:00-04:002019-06-26T11:48:00-04:00http://localhost:4000/random/2019/06/26/BashSmash<p>I was watching this great <a href="https://www.google.com/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=1&amp;cad=rja&amp;uact=8&amp;ved=2ahUKEwiOhNze_4fjAhUiB50JHR12D8AQwqsBMAB6BAgJEAQ&amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D6D1LnMj0Yt0&amp;usg=AOvVaw2nOgft0SoPZujc9js9Vxhx">Liveoverflow video</a> yesterday, and really liked the idea of building escape sequences with strings. So, I built a new tool, <a href="https://pypi.org/project/bashsmash/">BashSmash</a>.</p> <h2 id="the-goal">The goal</h2> <p>The goal of BashSmash is very similar to that described in Liveoverflow’s video. Do anything in bash without using any letters or numbers except <code class="highlighter-rouge">n</code> and <code class="highlighter-rouge">f</code> (he used <code class="highlighter-rouge">i</code> instead of <code class="highlighter-rouge">f</code>). This can both bypass shell injection filters, and generally mess with people.</p> @@ -295,44 +438,4 @@ Your browser does not support audio players </code></pre></div></div> <h2 id="use-it-yourself">Use it yourself</h2> -<p>I put this theme on userstyles.org. You can download and install it by going to <a href="https://userstyles.org/styles/172679/ewpratten-s-githubtheme">my userstyles page</a>.</p>I have been using GitHub since 2017, and have been getting tired of GitHub’s theme. I didn’t need a huge change, just a small refresh. So, to solve this, I whipped out Stylus and made a nice little CSS file for it.Building a safe and easy system for sending computer vision data from a raspberry pi to a roborio2019-05-27T05:22:00-04:002019-05-27T05:22:00-04:00http://localhost:4000/frc/2019/05/27/Building-Safe-Vision-Comms<p>Computer vision on an FRC robot has some problems.</p> -<ul> - <li>RoboRIO is not powerfull enough</li> - <li>NetworkTables is not fast enough</li> - <li>A TCP connection is great until you lose connection</li> - <li>mDNS discovery is not reliable on the field</li> - <li>UDP can skip frames</li> -</ul> - -<h2 id="needs">Needs</h2> -<p>These are the things I need to have.</p> -<ul> - <li>Send data from any device</li> - <li>Recive data on RoboRIO at any time</li> - <li>Data rate faster than period time</li> -</ul> - -<h2 id="wants">Wants</h2> -<p>These are the things I would like to have.</p> -<ul> - <li>Easy discovery</li> - <li>Threaded</li> - <li>Simple interface for new programmers</li> - <li>Fallback in case of UDP issues</li> - <li>FMS network firewall compliant</li> -</ul> - -<p>I am currently working on a protocol for solving this problem, nad will post an update here once it has been tested. Feel free to let me know your thoughts and ideas.</p>Computer vision on an FRC robot has some problems. RoboRIO is not powerfull enough NetworkTables is not fast enough A TCP connection is great until you lose connection mDNS discovery is not reliable on the field UDP can skip framesThe language hunt2019-04-30T14:32:00-04:002019-04-30T14:32:00-04:00http://localhost:4000/frc/2019/04/30/FRC-Languages<p>Our programming team is looking to switch languages in the 2020 season. Here is the what, why, and how.</p> - -<h2 id="our-history">Our history</h2> -<p>We started out as a java team back in 2014 because java was (and still is) the language being taught in our programming classes. Honestly, our code sucked, as many rookie team’s do. There where no fancy features, or sensor-assisted autonomous. Direct input into talons was our way to roll.</p> - -<p>A few years later, we had a change in team organization and switched to C++. Up until the 2019 / 2020 season, this was our language and we where getting pretty good at using it.</p> - -<h2 id="the-problem">The Problem</h2> -<p>We, as a team are looking to bring our programming and robots to the next level in 2020. Because of this, we ran into a problem. While C++ is an amazing language for embedded and robotics programming, some of it’s “features” where starting to act as a bottleneck to our design. Less time was being spent on polishing our new vision system or autonomous climb, and more on that crazy linker error that came out of nowhere.</p> - -<p>It’s time for a change, but what do we change to?</p> - -<h2 id="part-2">Part 2</h2> -<p>The followup can be found <a href="/frc/2019/06/24/LanguageHunt2.html">HERE</a>.</p>Our programming team is looking to switch languages in the 2020 season. Here is the what, why, and how. \ No newline at end of file +<p>I put this theme on userstyles.org. You can download and install it by going to <a href="https://userstyles.org/styles/172679/ewpratten-s-githubtheme">my userstyles page</a>.</p>I have been using GitHub since 2017, and have been getting tired of GitHub’s theme. I didn’t need a huge change, just a small refresh. So, to solve this, I whipped out Stylus and made a nice little CSS file for it. \ No newline at end of file diff --git a/_site/index.html b/_site/index.html index 878bb19..d6d5a67 100644 --- a/_site/index.html +++ b/_site/index.html @@ -123,6 +123,30 @@
+ + + + + + + +
@@ -219,30 +243,6 @@ - - - - - - - - diff --git a/_site/random/2019/06/27/PWNlink.html b/_site/random/2019/06/27/PWNlink.html new file mode 100644 index 0000000..f1e83c3 --- /dev/null +++ b/_site/random/2019/06/27/PWNlink.html @@ -0,0 +1,180 @@ + + + + + + Evan Pratten + + + + + + + + + + + + + + +
+ + + + + + + + + +
+ + +
+
+
+

I had some fun with a router

+
+ +

I was playing around with some D-link routers today and remembered an ExploitDB Entry I read a while ago. Many D-link routers have a great feature that allows remote management and configuration queries. Interestingly, this cannot be disabled, and one of the pages contains a cleartext version of the admin password (yay!).

+ +

How to get yourself an admin password

+

On any supported router, make an HTTP request to http://your.router.ip.addr/tools_admin.asp/. This will return a pretty large XML file containing information about your router’s hardware and configuration.

+ +

Notice the fact that you did not have to log in. This is due to the fact that this file seems to be used by a remote management service of some sort.

+ +

The important thing to note here is that, when parsed with the regex pattern: name="user_password_tmp" value="(.*)">, you get a single string. This string is the admin password of the device.

+ +

Supported routers

+

This is supported by many D-link routers. The ones I know about are:

+
    +
  • DIR-835
    • +
  • DIR-855L
    • +
  • DGL-5500
    • +
+ +

Some routers have this XML file, but it is restricted… By a user without a password. These are:

+
    +
  • DHP-1565
    • +
  • DIR-652
    • +
+ + +

Like everything I play with, I made a script to do this all for me (and spent a large amount of time adding colours to the text).

+ +

My script is called PWNlink (PWN + D-link), It automatically finds a router on your network by looking for a specific DNS entry created by many D-link routers, then checking your gateway. Next, PWNlink reads you router’s hnap1 config to find it’s model number. If supported, the script will read and parse the appropriate configs to give you the admin credentials for your router.

+ +

PWNlink can be installed on any *nix computer that has both python3.7 and python3-pip installed. To install PWNlink, run:

+
pip3 install pwnlink
+
+ +

Run the script without any arguments for automatic detection, or pass any IP address to use manual detection.

+ +

Disclamier thingy

+

I don’t see much point to these, but I should probably put one anyways.

+ +

Don’t be dumb with this script.

+ +

I have only used it on my own (or 5024’s) routers, and did not create PWNlink with any malicious intent.

+

+
+
+ +
+ + + + +
+ + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/_site/random/2019/06/27/Python.html b/_site/random/2019/06/27/Python.html new file mode 100644 index 0000000..aa98415 --- /dev/null +++ b/_site/random/2019/06/27/Python.html @@ -0,0 +1,245 @@ + + + + + + Evan Pratten + + + + + + + + + + + + + + +
+ + + + + + + + + +
+ + +
+
+
+

Hunting snakes with a shotgun

+
+ +

A rather large number of people know me as “the guy who does weird things with python”. I would object to this title, but it is quite accurate. So, here are some of the things I like playing with in python. None of these are actually breaking the language, just little known facts and syntax. At some point I will share about actually breaking the language. For now, enjoy the weird things I have found over the past 6 years.

+ +

Type hints

+

A little known feature of python is called “type hinting” (PEP 484). This is actually quite common to see in standard libraries, and has it’s own special syntax:

+
# Here is a regular function
+def meep(a, b):
+    return a*b^2
+
+# This function has no real reason to exsist, and is lacking any sort of documentation.
+# Let's add a docstring to explain what it does
+
+def meep(a, b):
+    """ This function returns the result of a times b squared """
+    return a*b^2
+
+# Ok. The docstring explains the function, but is not too helpful 
+# what are a and b? what does this return? 
+# For all we know, a could actually be a string (in which case, this function would return a string)
+# Let's fix that up with a type hint
+
+def meep(a: int, b: int):
+    """ This function returns the result of a times b squared """
+    return a*b^2
+
+# Thanks to the :int (called a type hint in case you didn't notice that yet), we now know that this function expects two ints.
+# Now, to finish this up with a secondary type hint to specify the return type
+def meep(a: int, b: int) -> int:
+    """ This function returns the result of a times b squared """
+    return a*b^2
+
+# There. Now we can clearly see that this function takes too ints, and returns one int. 
+# If only this was a requirement in the language. So many headaches could be solved.
+
+ +

Now, keep in mind that this is called a type hint. The python compiler (yes.. Give me a second for that one) does not actually care if you obey the hint or not. Feel free to send incorrect data into a hinted function and see what you can break. Critical functions should both hint and check the data types being provided.

+ +

Type declarations

+

Just like type hints for functions, python has hints for variables too.

+
# A regular variable. Must be declared with an initial value
+my_state = None
+
+# my_state is None, as it has not been set, but needs to exist.
+# Let's assume that my_state is to be a state:
+class State:
+    status = False
+    def toggle(self):
+        self.status != self.status
+
+# Finally, its time to set the state to something useful
+my_state = State()
+my_state.toggle()
+
+# Ok.. I hate this. Let's start by using type declarations first
+# Any variable can be un-initialized and just have a type. Like so:
+my_state: State
+
+# This works for anything
+is_alive: bool
+age: int
+name: str
+
+# Now, with this new knowledge, let's rewrite State
+class State:
+    status: bool
+    def toggle(self: State) -> None:
+        self.status != self.status
+
+# And initialize my_state with slightly different syntax
+my_state = State(status=True)
+
+ +

I have not found much use for this yet. Hopefully there is something cool to use it for.

+ +

One-line functions

+

This is more common knowlage. A function can be declared in one line

+
# Here is an adder function
+def adder1(a:int, b:int) -> int:
+    return a+b
+
+# Here is a one-line adder function
+adder2 = lambda a,b : a+b
+
+# State from above can be compacted further:
+class State:
+    status: bool
+    toggle = lambda self: self.status != self.status
+
+ +

Ternary operations

+

On the trend of one-line code, We have the one-line if/else, also known as a Ternary in more sensible languages.

+
# Here is an if/else
+if 100 is 5:
+    print("The world has ended")
+else:
+    print("All is good")
+
+# Here is a smaller if/else
+print("The world has ended" if 100 is 5 else "All is good")
+
+ +

Compiled python

+

This one is interesting. Python, like Java, is compiled into bytecode. So yes, it technically is a compiled language. To see said bytecode, take a look at any .pyc file sitting in your __pycache__

+ +

Blog formatting experiments

+

I am still playing with post formats, and various types of content. This is more random than I usually prefer. Let me know your thoughts on the social media platform of your choosing.

+

+
+
+ +
+ + + + +
+ + + + + + + + + + + + + + + + + \ No newline at end of file