string – Reverse Sting, Array

I couldn’t understand this part
arr[name.Length – i] = name[i – 1];

Let us have a name of 5 characters. so the value of the arr will be 4, right?

then in the loop, the looping variable is also taking the same length, so its initial value will be 4 too.

in the first iteration, the value of arr[4 – 4] will be arr[0] and name[4 – 1] will be name[3]
so the first index of arr is copied with the fourth index of name.

How the hell is then the original name was stored in reversed order in arr?

C# code for reversing a string

reverse engineering – How was this picture of a model on a boat with a sunset in the background created?

There’s a definite “HDR feel” to the photos, but I’m not sure if any actual HDR / exposure blending tricks have actually been used — it might just be strong curves and saturation adjustment, combined with odd lighting.

  • The photo has been taken against the light, but with the sun low in the sky and behind a layer of clouds, which will tend to diffuse the light and somewhat reduce the contrast difference between the foreground and the sky. I suspect that’s really the most important “trick” here.

  • The photographer may have used a polarizing filter to darken the sky and the reflected sunlight off the water. There may also have been a fill flash involved.

  • It’s pretty likely that the luminance curve has been adjusted to add contrast to the shadows (possibly using something like the Photoshop “Shadow / Highlight” tool, rather than by directly editing the curve), and the color saturation has obviously been increased.

    It’s possible that some of the adjustment may have been masked to affect only the foreground, but it’s hard to tell for sure. The images could also be exposure fused composites, with the sky and the foreground taken from separate bracketed images (or the same RAW image with different exposure corrections), but I actually suspect that, in this case, they’re not (see below).

  • Looking at the sky, especially in the second picture, you can tell that the highlights are pretty badly clipped, and it appears to be a sharp “digital clip” rather than a smooth “film clip”.

    I would consider this a flaw (even if it does add somewhat to the “dramatic” contrast), but it also suggests to me that the photos have probably not been processed too much (beyond the obvious contrast and saturation boosts) — or, alternatively, that whoever post-processed them wasn’t skilled enough to handle the highlights properly.


Anyway, here’s a quick example of how to post-process such images to bring out the foreground. The original image is a quick snapshot I took from a boat against the sunlight, with no fill flash, using a Nikon D70s at ISO 200, f/6.0, 1/8000 s. It lacks the dramatic sunset colors, but does illustrate the general issues with shooting against the light over water:

Step 1: Original image with no exposure correction
Step 2: Exposure boosted by +2.6 in ufraw
Step 3: Color saturation boosted to 170%
Step 4: Luminance curve adjusted to balance foreground and background
Top down, left to right: (1) original image with no exposure correction, (2) exposure boosted by +2.6 in ufraw, (3) color saturation boosted to 170%, (4) luminance curve adjusted to balance foreground and background.

Note how, without exposure correction, the foreground is severely underexposed. That’s actually deliberate; it’s a lot easier to boost exposure in post than to fix blown highlights.

All of this was done with global adjustments only; of course, with careful masking, much more would be possible. The tricky part here was getting the curve adjustment to look good. Here’s a screenshot of the curve I ended up using:

Screenshot of color curves in ufraw

You can see that there’s a strong contrast boost at the bottom end (corresponding to the subject in the foreground), with a compensating flat range in the “midtones” (which, here, basically means the constrast gap between the foreground and background) and a slight S-curve in the upper range corresponding to the highlights on the water (to give them a bit more contrast).

As for dramatic lighting, I’d say it comes mostly down to picking the right time and location. Here’s the kind of background you can get with a polarizing filter and the sun low behind clouds:

Sun behind clouds, taken with a cellphone camera through sunglasses

This is, in fact, a completely unedited photo taken with an old 0.3 Mpx cellphone camera, filtered through polarizing sunglasses. You can just imagine how awesome it would’ve looked if I’d had a proper camera with me. 🙂

penetration test – Why is the first step for an attacker to get Reverse Shell after getting RCE?

If someone is having a Remote Code Execution, that means, one can run the commands on the server, then why does he need to get the Reverse Shell?

Even though I can run system commands, then why do I go for Reverse Shell?

I am finding the primary reason behind it.

Are there countries that bar nationals from traveling to certain countries? (Reverse travel-ban)

I know that a travel ban based on nationality is normally enforced at the destination. It is most notable that Israelis suffer this kind of ban from most of the Arabic world.

Another notable examples are North and South Korea, which are reciprocal enemies and do not accept nationals of either nationality. It’s also extremely difficult to actually get a passport for North Koreans.

And of course US travel bans issued by Mr. Trump against nationals of certain Muslim countries.

But I wanted to ask about the opposite, mostly for sake of curiosity. Are there countries that forbid their own nationals to visit certain enemy states despite that destination state accepting them?

Example. National of country A can legally enter state B (from B’s laws point of view, and most likely using a connecting flight), but when that person returns to the home country A they get prosecuted by law, e.g. if they have passport stamps, pocket money from B or just any other evidence to have visited that state.

From the first example: an Israeli dual-national is likely to be able to visit Lybia with a second passport, but I don’t know, never heard, about any Israeli law prohibiting individuals to visit Lybia (should the government ever find out).

Infix to reverse polish notation (RPN)

I have an example: m = n = p = (-1) ^ (m + n + p) * (m + n + p);
I don’t know what to do with multiple "=". Should I treat them as a sign with the lowest priority or just put them in end of the answer?
That’s what I get when I treat them as sign with the lowest prioryty:
M,N,=,P,=,1,NEG,M,N,+,P,+,^,M,N,+,P,+,*,=
Could you check my answer?

Cloudera CDSW URL Access Via Apache Reverse Proxy

Please help advise me on this tricky situation in my project:

############

In our project we have 3 tiers (web->app->db) for firewall rules. Users can only access Web-Tier.

CDSW application runs on DB host -> We do not have any application host in app-tier -> Due to this we have to setup an extra Apache proxy in App-Tier -> Our current setup is like this:

User -> Apache Proxy (Web-Tier) -> Apache Proxy (App-Tier) -> CDSW (DB-Tier)

CDSW Limitations:
CDSW requires a web url (cdsw.company.com & *.cdsw.company.com) to be registered in remote DNS server – CDSW specifically says local host file is not supported.

Due to this we cannot have same URL (cdsw.company.com) mapped to web-tier & db-tier at same time. For this, we have used a standalone DNS server which is used only by CDSW host.

When user login to CDSW & open a project – 3 other urls are generated (consoles.cdsw.company.com , assets.cdsw.company.com , livelog.cdsw.company.com)

Inside CDSW project – If a user clicks on terminal access then a new browser window opens with dynamic URL generated as: .cdsw.company.com

############

Please advise – How can I make this CDSW application accessible to users via Apache Proxy (web-tier) URL with all these complications stated above.

Regards,
Ashu

Nginx reverse proxy is rewriting url to 127.0.0.1

I have a nginx reverse proxy on a server where I run a bunch of apps, e.g. app1.domain.com, app2.domain.com, etc. I recently added a new application with the following config (with LetsEncrypt for SSL):

server {
    server_name app.domain.com;
    server_name_in_redirect off;
    location / {
        proxy_pass http://127.0.0.1:6767;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/app.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/app.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = app.domain.com) {
        return 301 https://$host$request_uri;
    }
    # managed by Certbot


    server_name app.domain.com;
    listen 80;
    return 404; # managed by Certbot


}

However, whenever I go to https://app.domain.com/ it redirects to https://127.0.0.1:6767/somelandingpage/. What’s stranger still is that if I manually fix the url to https://app.domain.com/somelandingpage/ it loads fine, and if I click around the app to navigate to different paths it correctly stays on app.domain.com. This nginx config is pretty much identical to another app I use so I’m not sure why this one in particular is redirecting like this. At first I thought it was the app thinking it’s URL is 127.0.0.1:6767 and redirecting there, but if I try a GET request for https://app.domain.com/ in Postman I get Error: connect ECONNREFUSED 127.0.0.1:6767 (which doesn’t have the /somelandingpage path) so it makes me think this must be the nginx config. But if that’s the case, what am I missing here?

How do I stabilize a reverse shell in when the attack box is using powershell?

So I’ve managed to get a version of netcat onto my windows machine and I can run the standard:

nc -lvnp 1234

and this properly connects to the victim’s machine, but it’s a very fragile connection. Ctrl + C will just drop the connection, tab doesn’t auto complete, and the up and down arrows don’t give me history. On linux, the common way to stabilize the shell looks like this:

python -c "import pty; pty.spawn('/bin/bash')"      //run on victim's machine
CTRL + Z                                            //switches over to your machine
stty raw -echo                                      //run on your machine
fg                                                  //switches back to victim machine
export TERM=xtrm                                    //run on victim machine

The problem is that ctrl + z just locks up Powershell so that’s about as far as I get. Even if I use a Kali linux docker container, I am still running that container through Powershell or CMD and I just just can’t get past that ctrl + Z issue.

How do I stabilize a reverse shell through Powershell or CMD?

Is it possible to use a reverse proxy authentication in a native mobile app

We have a few backend services that our frontend SPAs fetch data from. Right now, the SPAs use JS libraries to authenticate with the Auth server (Azure AD) which returns a JWT which is validated by my backend services before responding to the requests. We also have a couple of native mobile apps and they too are using platform specific libraries for auth. This works fine for now.

But slowly the number of our SPAs are increasing and it is becoming a pain to write and maintain the same auth code in all the applications. Moreover, we are also looking to deploy our apps on-premise for some of our clients who might have separate auth needs (say Auth0 or Okta). This is also true for our native mobile apps.

As such, I was thinking of removing authentication handling from our SPAs and proxy all requests through a reverse proxy like NGINX which can also authenticate requests by redirecting them to a sign-in page.

But, I don’t know if this will help us in doing something similar in a native mobile app. As far as I understand, since the client is not requesting a page everytime it loads (like an SPA does), I am not sure where exactly the popup(or maybe redirection?) should happen in a mobile app. Or is that even possible? Is using platform specific auth SDKs the only way in a mobile app? If so, is there a way (or a library) that is not auth provider specific and I can switch out auth easily?

nginx reverse proxy hotlink protection

I need to proxy remotelocation.com on remote.mylocation.com using nginx.
They use CloudFlare, but i have the backend ip so it is not a problem.

Now, I am getting Hotlink protect error

My nginx config is :

server {
  listen 80;
  server_name remote.mylocation.com;
  location / {
        proxy_pass http://their ip;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host remotelocation.com;
        proxy_set_header Referer "https://remotelocation.com/";
        proxy_set_header User-Agent "Mozilla/5.0 (Windows NT 6.1; Win64;  x64) >
        proxy_set_header X-Real-IP 103.21.244.22;
        proxy_set_header X-Forwarded-For 103.21.244.22;
        proxy_set_header X-Forwarded-Proto https;
  }
}