skerkour / black-hat-rust
Applied offensive security with Rust - https://kerkour.com/black-hat-rust
Home Page: https://kerkour.com/black-hat-rust
License: MIT License
Hey Sylvain,
I've just started the book and the introduction has been really exciting! Looking forward to an awesome read.
I found a typo in the black hat book (section 5.3.2), where do I file the edit?
info: The currently active `rustc` version is `rustc 1.63.0-nightly (cd282d7f7 2022-05-18)`
[dependencies]
anyhow = "1.0.57"
rayon = "1.5.3"
serde = "1.0.137"
thiserror = "1.0.31"
My model.rs file is the same as https://github.com/skerkour/black-hat-rust/blob/main/ch_02/tricoder/src/model.rs
yet the compiler complains
error: cannot find derive macro `Deserialize` in this scope
--> src/model.rs:15:17
|
15 | #[derive(Debug, Deserialize, Clone)]
| ^^^^^^^^^^^
|
note: `Deserialize` is imported here, but it is only a trait, without a derive macro
--> src/model.rs:1:5
|
1 | use serde::Deserialize;
| ^^^^^^^^^^^^^^^^^^
Your repo shows this import as a feature inclusion;
serde = { version = "1", features = ["derive"] }
but this is never mentioned in the book afaict.
In v2021.41, section 5.11.5.2 on page 39 states that:
rustfmtp is a code formatter that allows codebases to have a consistent coding style and avoid nitpicking during code reviews.
I believe this should be rustfmt, not rustfmtp.
I have the exact function in https://github.com/skerkour/black-hat-rust/blob/main/ch_02/tricoder/src/subdomains.rs#L45
After cloning the repo, it will build with cargo build. But when I followed along in your book, I get
error[E0639]: cannot create non-exhaustive struct using struct expression
--> src/subdomains.rs:56:9
|
56 | / ResolverOpts {
57 | | timeout: Duration::from_secs(4),
58 | | ..Default::default()
59 | | },
| |_________^
Why does it work in your example but not for me? Have I missed some information from the book, require a specific crate version, or was there something omitted from the book I need to know?
Hi, I finished the first chapter. It was my first Rust program.
I had a lot of fun. I am looking forward to the rest of the book.
As a newbie to Rust, I was pleasantly surprised when vscode recognized my .rs file right off the bat and showed syntax highlighting. However, it showed compiler errors without - help: text. This threw me off for like 20 minutes. I didn't realize I had an extra semi-colon at the end of the final Ok(()); and this meant something was wrong. It showed the compiler error in the return value in the main signature. Slightly disappointed with vscode right now. (Apparently, you can either close with return Ok(()); or Ok(()) but not Ok(());.)
Make it more clear what Ok(()) means
I cloned the repo as of today's date, but I get a compilation error when running make dump_shell:
➜ ch_08 git:(main) make dump_shell
cd shell && cargo +nightly build --release
Compiling shell v0.1.0 (/home/user/black-hat-rust/ch_08/shell)
error: cannot find macro `asm` in this scope
--> src/main.rs:17:5
|
17 | asm!(
| ^^^
|
= note: consider importing this macro:
core::arch::asm
warning: the feature `asm` has been stable since 1.59.0 and no longer requires an attribute to enable
--> src/main.rs:3:12
|
3 | #![feature(asm)]
| ^^^
|
= note: `#[warn(stable_features)]` on by default
warning: `shell` (bin "shell") generated 1 warning
error: could not compile `shell` due to previous error; 1 warning emitted
make: *** [Makefile:35: shell] Error 101
Removing the attribute #![feature(asm)] and replacing it with use core::arch::asm; appears to resolve this :)
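For reference, this is what inline assembly looks like on stable Rust (1.59 and later) once the feature attribute is gone and the macro is imported from core::arch. It is an added example written for this page, not the ch_08 shell code from the repository: the function name, the add operation and the plain-Rust fallback for other architectures are my own choices, and the fallback exists only so the file builds on any target.

```rust
use core::arch::asm;

/// Adds two u64 values with inline assembly on x86_64 and aarch64 (the two
/// targets a shellcode chapter is most likely built on); on any other target
/// it falls back to plain Rust so the file still compiles. Wraps on overflow,
/// exactly like the hardware `add` instruction.
pub fn asm_add(a: u64, b: u64) -> u64 {
    #[cfg(target_arch = "x86_64")]
    {
        let mut out = a;
        // SAFETY: register-only arithmetic, no memory access, no stack use.
        // asm! defaults to Intel syntax on x86: add <dst>, <src>.
        unsafe {
            asm!("add {0}, {1}", inout(reg) out, in(reg) b,
                 options(pure, nomem, nostack));
        }
        out
    }
    #[cfg(target_arch = "aarch64")]
    {
        let out: u64;
        // SAFETY: same as above; AArch64 form is add <dst>, <src1>, <src2>.
        unsafe {
            asm!("add {0}, {1}, {2}", out(reg) out, in(reg) a, in(reg) b,
                 options(pure, nomem, nostack));
        }
        out
    }
    #[cfg(not(any(target_arch = "x86_64", target_arch = "aarch64")))]
    {
        a.wrapping_add(b)
    }
}

fn main() {
    println!("asm_add(40, 2) = {}", asm_add(40, 2));
}
```

The options(pure, nomem, nostack) hints are what let the compiler treat the block like an ordinary pure function (and even fold or drop it); leave them off for assembly that reads memory or makes a syscall, as the chapter's shell does.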
We should be writing help text using BNF: [] is used to denote optional args, and <> is used to denote required args. So instead of:
sha1_cracker: [wordlist.txt] [sha1_hash]
we should write:
sha1_cracker: <wordlist.txt> <sha1_hash>
I quickly realized that studying law was not for me: reality was travested
travested -> travestied
The goal of this book this is to save
maybe double "this"
It’s important to understand that Black Hat Rust is not meant to be an big encyclopaedia
encyclopaedia -> encyclopedia
Tt took me
maybe Tt -> That
but It’s only when
It's -> it's
Section 4.4:
In the context of cyberwar, It is important to remember
It -> it
Section 4.9.1:
How should our program behaves when encountering an error?
behaves -> behave
For our simple program, we will simply Box errors
Seems like something is missing, maybe "we will simply utilize Box errors"
Section 4.10.x:
but it prevent you from getting things done
prevent -> prevents
it may means that your are doing something wrong.
means -> mean
I ever needed to track bugs my programs.
Maybe "in my programs"
you have to handle every errors
errors -> error
Section 4.11.x:
For that, the community has built a few tools which will save you a lot of time et let you keep your projects up to date
et -> to
clippy is a linter this will detect
Seems like this sentence is not completed.
The current server/Cargo.toml file causes a compile error due to sqlx.
wasm-pack build --target web --out-name wasm --out-dir ./dist --dev --no-typescript webapp
Error: Error during execution of `cargo metadata`: error: failed to select a version for `sqlx-core`.
... required by package `sqlx v0.6.0`
... which satisfies dependency `sqlx = "^0.6"` (locked to 0.6.0) of package `server v0.1.0 (/Users/tarang/Developer/rust/black-hat-rust/ch_09/phishing/server)`
versions that meet the requirements `^0.6.0` are: 0.6.0
the package `sqlx` depends on `sqlx-core`, with features: `sqlx` but `sqlx-core` does not have these features.
failed to select a version for `sqlx-core` which could resolve this conflict
make: *** [webapp_debug] Error 1
The fix for now is to downgrade to sqlx v0.5.0
Chapter 5 is about web crawling, right? Well one library I've found to be really helpful for that is thirtyfour, a Selenium/WebDriver library for rust. WebDriver is a great technique to use for scraping websites that are SPAs or other apps that load content with JavaScript. Just thought I'd share.
Hello, I am citing this repository in a project that I have done, but there is not CITATION.cff file to show the correct citation for this repository. Please consider adding such a file in order to enable others in the future to have what they need to properly cite your work.
For more information on this, here are a couple of GitHub links on how to make such a file:
https://citation-file-format.github.io/
https://github.com/citation-file-format/citation-file-format
The code to retrieve the CSRF token is not quite correct. It does not properly decode the percent encoding, thus the requests will fail. It can easily be fixed by adjusting the import in the Cargo.toml:
cookie = {version = "0.15", features = ["percent-encode"]}
and by adjusting line 216 in main.rs:
.filter_map(|cookie| Cookie::parse_encoded(cookie).ok())
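The failure described above comes from reusing the raw, still percent-encoded cookie value in the next request. The following is an added example written for this page, not the ch_09 code or the cookie crate: it parses Set-Cookie header values with the standard library only, decodes %XX escapes, and looks the token up under the cookie name "csrftoken", which is an assumption of the example rather than something the issue states; the sample headers are constructed, not captured from a real server.

```rust
use std::collections::HashMap;

/// Decode `%XX` escapes in a cookie value. Returns None on a truncated or
/// non-hex escape, or if the decoded bytes are not valid UTF-8.
pub fn percent_decode(s: &str) -> Option<String> {
    let bytes = s.as_bytes();
    let mut out = Vec::with_capacity(bytes.len());
    let mut i = 0;
    while i < bytes.len() {
        if bytes[i] == b'%' {
            if i + 2 >= bytes.len() {
                return None; // "%" or "%X" at the end of the input
            }
            let hi = (bytes[i + 1] as char).to_digit(16)?;
            let lo = (bytes[i + 2] as char).to_digit(16)?;
            out.push((hi * 16 + lo) as u8);
            i += 3;
        } else {
            out.push(bytes[i]);
            i += 1;
        }
    }
    String::from_utf8(out).ok()
}

/// Parse one Set-Cookie header value into (name, decoded value), ignoring the
/// attributes after the first ';' (Path, HttpOnly, Secure, ...).
pub fn parse_set_cookie(header: &str) -> Option<(String, String)> {
    let pair = header.split(';').next()?.trim();
    let (name, raw) = pair.split_once('=')?;
    Some((name.trim().to_string(), percent_decode(raw.trim())?))
}

/// Collect every cookie from a response's Set-Cookie headers, the way the
/// issue's `.filter_map(...)` does, but with percent-decoding applied.
pub fn cookie_jar(headers: &[&str]) -> HashMap<String, String> {
    headers.iter().filter_map(|h| parse_set_cookie(h)).collect()
}

/// Look up the CSRF token; the cookie name "csrftoken" is assumed here.
pub fn csrf_token(headers: &[&str]) -> Option<String> {
    cookie_jar(headers).remove("csrftoken")
}

fn main() {
    // Constructed sample headers for the example, not a real capture.
    let headers = ["csrftoken=abc%2Bdef%3D; Path=/; HttpOnly", "session=xyz; Secure"];
    println!("{:?}", csrf_token(&headers));
}
```

Sending the decoded value (abc+def=) rather than the raw abc%2Bdef%3D is what makes the server-side comparison succeed; a malformed escape is rejected instead of being passed through silently.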
Rust is my first programming language. I am still trying to figure out my way in programming. I did read a few books, and each one tackled a subject I had no prior experience in, and I did not get the most out of the books, but I tried to get as much as I could from them. I was wondering if "Black Hat Rust" requires prior knowledge in some topics, and if there are some, what are they?
PS: forgive me for my bad English; it's not my first language.
I read your article "Backdooring Rust crates for fun and profit" today which said:
While it’s possible to audit the code of a crate on https://docs.rs by clicking on a [src] button, it turns out that I couldn’t find a way to inspect build.rs files. Thus, combined with a malicious update, it’s the almost perfect backdoor.
There is a way to view build.rs files, you just have to use docs.rs' source view on /crate instead of rustdoc's. e.g. for boring-sys you can see the build.rs on https://docs.rs/crate/boring-sys/1.1.1/source/build.rs.
It seems that some mistakes were made during the md -> pdf conversion:
I'll update the list while I'm going through the book
Hi @skerkour , enjoying the book!
Ran across some minor typos in ch3 and thought I'd list them here.
"spaw_blocking" -> "Instead, by calling spawn_blocking"
I am currently using rustc 1.66.0 (69f9c33d7 2022-12-12).
I noticed that the code for the sha1 cracker requires the use of use hex; in the import/use section of the code in order for the compiler to recognize &hex... in this line
make docker
docker build -t localhost/skerkour/ebook:latest .
Sending build context to Docker daemon 16.38kB
Step 1/12 : FROM ubuntu:latest
---> c6b84b685f35
Step 2/12 : RUN apt update
---> Using cache
---> 1a0f34424277
Step 3/12 : RUN apt upgrade -y
---> Using cache
---> 65a81a47a76e
Step 4/12 : ENV USER=ebook
---> Using cache
---> 09ddd6d66ad2
Step 5/12 : ENV UID=10001
---> Using cache
---> 9e5079c9fc13
Step 6/12 : RUN adduser --disabled-password --gecos "" --home "/nonexistent" --shell "/sbin/nologin" --no-create-home --uid "${UID}" "${USER}"
---> Using cache
---> ef1b6e6fe127
Step 7/12 : ENV DEBIAN_FRONTEND noninteractive
---> Using cache
---> 2b16332fa839
Step 8/12 : RUN apt install -y vim calibre pdftk epubcheck binutils make wget imagemagick
---> Using cache
---> e67f0f0bc35b
Step 9/12 : RUN apt install -y pandoc libpar-packer-perl perl-doc zlib1g zlib1g-dev expat texlive-latex-base texlive-latex-extra texlive-xetex texlive librsvg2-bin texlive-fonts-recommended texlive-fonts-extra texlive-xetex texlive-latex-recommended
---> Using cache
---> a6b7d94386b0
Step 10/12 : USER ebook:ebook
---> Using cache
---> 268852e0ee26
Step 11/12 : WORKDIR /ebook
---> Using cache
---> c9f53dbab38d
Step 12/12 : CMD ["make", "all"]
---> Using cache
---> f29c71616ef1
Successfully built f29c71616ef1
Successfully tagged localhost/skerkour/ebook:latest
docker run -ti --rm -v `pwd`:/ebook localhost/skerkour/ebook
pandoc settings.txt src/ch_01.md src/ch_02.md src/ch_03.md src/ch_04.md src/ch_05.md src/ch_06.md src/ch_07.md src/ch_08.md src/ch_09.md src/ch_10.md src/ch_11.md src/ch_12.md src/ch_13.md src/ch_14.md
--resource-path=src
--output=ebooks/black_hat_rust_content.pdf
--pdf-engine=xelatex
--table-of-contents --toc-depth=2
--number-sections
--top-level-division=chapter
--include-in-header inline_code.tex
-V fontsize=12pt
-V documentclass=report
-V linkcolor:blue
--highlight-style tango_theme.json
-M date="v2021.41"
Unknown highlight-style tango_theme.json
make: *** [Makefile:33: pdf] Error 6
Basically that. I'm looking into maybe suggesting this book for a few students. Before doing so, I'd like to read a little of it if possible.
Unfortunately, our budget is very limited right now, but I believe this could be a great asset for my class.
Thanks!
Disclaimer: I'm new to Rust, but making my way through both your book and Rust Programming 2nd edition.
While looking at this line in the SHA1 cracker, I was curious why to_string was required. Specifically, I wanted to know if the rest of the code could use a &str instead, so a heap allocation could be avoided.
After removing the to_string, I discovered that the code would not compile due to the error "temporary value dropped while borrowed". After reasoning about this error, it made sense. Although Result contains the owned string, when it is extracted with ?, the value is not assigned anywhere, so the &str reference returned from trim points to a value that is dropped.
So, I changed the line above to the following two lines, where I save the String value to a variable, so the &str returned from trim has a valid place to point:
let line = line?;
let common_password = line.trim();
Although this compiled, I was still unsure if this would make a difference as I have no experience with Rust or how smart the compiler is or isn't, so I ran some tests, which showed the version without the to_string is faster and avoids extra heap allocations. Perhaps the code in the book could be tweaked to eliminate this, seemingly, unnecessary call?
How can I get the actual code?
hello, can i buy this book with bitcoin ?
if yes how can i contact you ?
Will an audio version of the book become available?
Will TOC bookmarks be added to the final ebook? Would be cool if there is, its kinda cumbersome to manually scroll to the page I want.
Hi!
Thanks for creating this book. I have just started reading the pdf version and I noticed the letter 'e' is indistinguishable from the letter 'c', which makes it a bit hard to read. Would it be possible to change that?
I am facing no difficulties with reading any other text on internet so this must be something with the formatting of this book.
Thanks!
While the pdf and mobi formats show the code blocks in fixed-width font, it seems that the epub version does not (at least in calibre 3.21).
I think the book would benefit from a smaller font size for code blocks. In both the PDF and epub versions (didn’t look at mobi), the code block font looks larger than the body text font. To minimize wrapping of code blocks, I think a smaller monospace font size would look better. It would also look more harmonious with the body font size.
(Same comment applies to your blog posts IMO).
For example, here is a screenshot from the Rust Book, which I think has the right proportion of body font size to code block size:
I have recently purchased the book, but am unable to see any of the content. It looks like the version is an older version.
hi! i like to read physical copies of programming books so that i can mark them up and keep them on my shelf. will https://academy.kerkour.com/black-hat-rust?coupon=BLOG be available in print form once it's completed? i didn't see an obvious answer on the marketing website or on this github repo, please let me know if i missed something. thanks very much, best of luck with the book, looks really cool!
Little typo in chapter 6, page 161:
6.23: "If we try to subtract 4,294,967,295 (abount) to (balance)" -> "abount" should be "amount"
Hey author and fellow contributors,
I hope this message finds you well. I wanted to share my intentions regarding the project and discuss potential contributions. I am currently engaged in expanding the research conducted here and plan to maintain a separate fork of this repository in the future by updating the outdated code.
My primary focus at the moment is on creating new chapters that will serve as valuable additions to the existing content. These chapters are 100% free as code and content and aim to extend the scope of the book, providing further insights and depth to the topics already covered.
I am open to feedback and suggestions from the author and contributors. Your insights are invaluable in shaping the direction of the project, and I would like to ensure that any modifications align with the vision and goals of the original work.
Looking forward to your thoughts and guidance.
Love,
Mahmoud
Hello, please consider adding an open-source license to this repository. A comparison of common licenses can be found at https://choosealicense.com/. A potential candidate might be the MIT license, or if you want pretty much no restrictions on it, the Unlicense would work well. If you would prefer something with a few more rules, the GNU GPLv3 could be good too.
wechat or alipay?
In the version v2021.41, the alignment of ToC headings with their section numbers is missing spaces in the chapters from 10 onward.
Hello,
On page 7 under the subheading "Attacks without a clear goal"
The phrase "conflate their ego" should be reworded to "inflate their ego".
Regards,
Aeonik
Hi there, I'm reading through the book and loving it so far! In chapter 2 right now and noticed a typo and another potential typo:
In 2.14:
Also, the parallel iterator has the same method available as traditional iterators
I believe "method" should be "methods"
And in 2.15:
Indeed, by using threadpool of std::thread::spawm
spawm should be spawn, and threadpool instead of std::thread::spawn?
Apologies if this is not the best place to send suggestions, let me know if you'd prefer them another way!
But waht is the format of a phone number?
waht -> what
What are the verifications to preceed to when creating a job for an agent? This is the role of the service layer.
preceed -> proceed
The service layer is wher ethe business logic lives. All our application’s rules and invariants lives in the service layer.
wher ethe -> where the
In our case, the entities will Agent , Job (a job is a command created by the client, stored and dispatched by the server, and exectued by the agent),
exectued -> executed
The repository layer is a thin abtraction over the database. It encapsulates all the database calls.
abtraction -> abstraction
In this book we will shake the preconceived ideas (Rust is too complex for the real-world, Rust is not productive...) and see how to architecture and create real-world Rust projects applied to offensive security.
architecture -> architect
I've received many requests to create some kind of community about Rust x Hacking.
To be clear I don't have the bandwidth today to do that.
But as this is a really interesting thing that I could set up in the future, I want to gather some feedback before.
The biggest advantage of a community is peer-to-peer learning, where everyone can share their discoveries.
The biggest disadvantages of a community around security are identities and potential scams.
To be honest, I'm not a fan of chat communities (Discord, Matrix...): The knowledge is quickly lost, and it's very easy to mix a lot of conversations.
I would prefer a forum, which provides a searchable archive.
What do you think about it? What would you prefer, and why?
Chapter 2 skips over the models file, and several external libraries. It might be important to
Very beginner things, but it is chapter 2. I would expect these things to be explained in a book which advertises learning rust along the way.
Here are some examples of files whose content may be of interest:
/etc/passwd
/etc/shadow
/proc/self/environ
/etc/hosts
/etc/resolv.conf
/proc/cpuinfo
/proc/filesystems
/proc/interrupts
/proc/ioports
/proc/meminfo
/proc/modules
/proc/mounts
/proc/stat
/proc/swaps
/proc/version
~/.bash_history
~/.bashrc
~/.ssh/authorized_keys
~/.ssh/id_dsa
It's worth noting that one other file, ~/.viminfo, can sometimes be a last line of defense for disaster recovery when the bad actor executes commands through the :! interface in Vi, completely bypassing the entries being appended to ~/.bash_history and ~/.full_history on some systems. Likewise, ~/.full_history is also missing.
Great preview so far btw :)
I'm following along your book to learn more about cybersecurity and coding my own tools (and I chose Rust for this), and I couldn't help but notice that .json() isn't a valid method, nor can I identify where you're getting that method from, in chapter 2 and 3. Can you help me with that?
Thank you.
Try to scan ports of twitch.tv (or ya.ru / google.com)
Error:
cargo run --release -- twitch.tv
Finished release [optimized] target(s) in 0.20s
Running `target/release/tricoder twitch.tv`
thread 'main' panicked at 'port scanner: Creating socket address: Os { code: 16, kind: ResourceBusy, message: "Device or resource busy" }', src/ports.rs:49:10
Maybe this is related to rust-lang/rust#47955, because I have the same error (EMFILE). Increasing the open file limit did not help me.
Any thoughts?
I was not familiar with yew and wasm, so I'm learning from your post, thank you for your great post.
But, the problem is, it seems like there are huge changes between yew-0.18 and yew-0.19, so it's almost impossible to follow your instructions. So, I don't know if you have a plan to use the new yew and update the post or something like that...
Or maybe, I will follow the docs to get familiar with yew (the slow way).
Anyway, a big thanks.
Sylvain, Google does it very well. I mean finding files and data.
What do you think of ports scanning and/or device detecting tool, like shodan?
Originally posted by @svirmi in #3 (comment)