bhg's People

Contributors

aurkenb, czerasz, djkottmann, kdungs, ljmsc, morg0n, packetassailant, senseyedeveloper, tomsteele, yuvan11

bhg's Issues

Metasploit Minimal Sessions List & Bing Indexing Examples Don't Work

Version Information

Go version: go version go1.14.2 linux/amd64
Kernel: Linux gray 5.4.0-7626-generic #30158816988320.04~bbe668a-Ubuntu SMP Wed Apr 29 21:00:02 UTC x86_64 x86_64 x86_64 GNU/Linux

/etc/os-release:

NAME="Pop!_OS"
VERSION="20.04 LTS"
ID=pop
ID_LIKE="ubuntu debian"
PRETTY_NAME="Pop!_OS 20.04 LTS"
VERSION_ID="20.04"
HOME_URL="https://system76.com/pop"
SUPPORT_URL="http://support.system76.com"
BUG_REPORT_URL="https://github.com/pop-os/pop/issues"
PRIVACY_POLICY_URL="https://system76.com/privacy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
LOGO=distributor-logo-pop-os

Metasploit version: v5.0.89-dev

Problem

Running the basic client included in the chapter3 examples doesn't return any sessions

msf_sessions

Cannot compile with "import C"

Hi,
I installed MSYS as directed in the book. If I try to add "import C" in code and build, I get this error:
cgo: exec /missing-cc: exec: "/missing-cc": file does not exist

I am on Windows 10, using Visual Studio Code.

API Shodan

Hello. Thanks for your work!
Explored this project and got an error:
panic: json: cannot unmarshal number into Go value of type shodan.APIInfo.
At first I thought that I had a new shodan account & FREE API PLAN, but I have doubts.
Can you give a little attention and explain the cause of the error?
In the meantime, I'll try to figure it out myself.

the goquery string doesn't work.

The book suggests the following

s := "html body div#b_content ol#b_results li.b_algo div.b_title h2"

but in reality, it doesn't work. I have attempted to make small changes to debug but I didn't have any luck.

I assume the logic is to loop through every one of these tags from s, then attempt to find whether an a with attr href exists; if it does, save it, and if it doesn't, return. However, the loop dies when it reaches div#b_content, although the HTML of that page from Bing does have a div tag with id b_content. Please give some advice on how to fix this. Thanks.

Ch5: subdomain guesser chokes if #workers ≪ #words

Hi all,

tl;dr somewhere between bufio.Scanner and the fqdns buffered channel the code starts hanging. When the length of the buffered channel is increased beyond the number of words in the wordlist, it works.

First let me thank you for this amazing book. It's been an awesome read so far and I'm excited to continue reading and try all the other examples.

Today, I stumbled over an issue that I can't explain with my limited knowledge of Go concurrency. First I thought, I made a mistake copying (and modifying) the code but the same problem exists with the exact code from this repository.

When I run the code with the example wordlist and 100 workers, the code stops executing after a few requests (in tcpdump I can see that no more requests are being sent). If I further reduce the number of workers, the only effect this has is that the code sends fewer requests.

When I run it with 1000 workers, like the example in the book (side note: typo on page 117, the text says 100 workers but it's 1000 in the example), it terminates but doesn't seem to process all subdomains. I tested it against a domain with a wildcard CNAME and I only get a few FQDNs and IPs in the results. Those results are also not reproducible between runs so I'd guess the issue has something to do with concurrency.

On a hunch it might have to do with the buffered channel, I increased the buffer size to be larger than the number of words in the wordlist. That way the program terminates independent of number of workers and is able to query all subdomains. So my guess is that somewhere between the bufio.Scanner and the buffered channel fqdns there's a choke point. I just can't figure out why.

Do you have any ideas?

Cheers,
Kevin

P.S. The data race detector (go run -race) didn't turn up anything. Using an unbuffered channel doesn't work either. Using -c 2000 (more workers than words in the list) also yields incomplete results.

P.P.S. Just to be super sure it wasn't just my old 2010 MacBook Pro (w/ Arch Linux) being too slow, I also tested it on a recent MBP using Mac OS. The problem persists.
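
The hang reported in the issue above can be reproduced with a pipeline of the following shape; this is an added example, not code from the bhg repository or from the poster. The page does not show the program, so the shape is an assumption: a `fqdns` channel buffered to the worker count, an unbuffered `gather` channel, and a collector started only after the wordlist loop. `run`, `collectorFirst`, the stubbed lookup and the 300 ms send deadline are hypothetical names and values.

```go
package main

import "fmt"
import "time"

// run returns the result count; ok=false means the feed loop stalled.
func run(words []string, workers int, collectorFirst bool) (n int, ok bool) {
	fqdns, gather := make(chan string, workers), make(chan []string) // assumed shape
	idle, total := make(chan bool), make(chan int)
	collect := func() {
		c := 0
		for r := range gather {
			c += len(r)
		}
		total <- c
	}
	for i := 0; i < workers; i++ {
		go func() {
			for f := range fqdns {
				gather <- []string{f + " 192.0.2.1"} // constructed stub lookup, no network
			}
			idle <- true
		}()
	}
	if collectorFirst {
		go collect()
	}
	for _, w := range words {
		select {
		case fqdns <- w + ".example.com":
		case <-time.After(300 * time.Millisecond):
			return 0, false // buffer full and every worker blocked on gather
		}
	}
	if !collectorFirst {
		go collect() // assumed late start: unreachable once the feed stalls
	}
	close(fqdns)
	for i := 0; i < workers; i++ {
		<-idle
	}
	close(gather)
	return <-total, true
}

func main() {
	w := []string{"www", "mail", "vpn", "dev", "api", "git", "ns1", "ns2"}
	fmt.Println(run(w, 2, false)) // 0 false
	fmt.Println(run(w, 2, true))  // 8 true
}
```

With the late collector, the feed only completes when the `fqdns` buffer can hold the whole wordlist, which matches the workaround described in the issue; whether the repository's program has this ordering has to be checked against its source.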

confusing metasploit example

Hi, I have been following your book and came across the Metasploit example and got the following error:

2020/12/06 17:34:46 Post "http://10.0.1.6:55552/api": dial tcp 10.0.1.6:55552: i/o timeout
panic: Post "http://10.0.1.6:55552/api": dial tcp 10.0.1.6:55552: i/o timeout


goroutine 1 [running]:
log.Panicln(0xc00010dd38, 0x1, 0x1)
	/usr/local/go/src/log/log.go:365 +0xae
main.main()
	/Users/dmml/Documents/golang/hacking/metasploit/metasploit-minimal/client/main.go:19 +0x19a
exit status 2

It looks like it couldn't connect to the TCP connection.

I did start the msf server and ran the following successfully

msf6 > load msgrpc Pass=s3cr3t ServerHost=10.0.1.6
[*] MSGRPC Service:  10.0.1.6:55552
[*] MSGRPC Username: msf
[*] MSGRPC Password: s3cr3t
[*] Successfully loaded plugin: msgrpc

Please give some comments and tips. Thanks.

Chapter 3 bing-metadata

Hi,

It seems Bing no longer accepts requests without a proper user-agent header. If it doesn't recognize the user agent, it returns "no results found" even if the generated URL returns results when used in a browser. I had to modify main.go to use http.NewRequest instead, like this (it seems gitlab formatting messes up the code):

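```go
// Fragment from the search function in main.go; it relies on the fmt,
// net/http, net/url and goquery imports, and on domain and filetype
// coming from the surrounding function.
client := &http.Client{}
q := fmt.Sprintf(
	"site:%s && filetype:%s && instreamset:(url title):%s",
	domain,
	filetype,
	filetype)

search := fmt.Sprintf("http://www.bing.com/search?q=%s", url.QueryEscape(q))
req, err := http.NewRequest("GET", search, nil)
if err != nil {
	return
}

// Send a browser-like User-Agent instead of Go's default one.
req.Header.Add("user-agent", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36")
resp, err := client.Do(req)
if err != nil {
	return
}
// Release the connection once the document has been parsed.
defer resp.Body.Close()

doc, err := goquery.NewDocumentFromReader(resp.Body)
```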

bhg/ch-2/netcat-exec/main.go --> How to test this?

I tried connecting to the Linux server using telnet both from Windows and from Linux (local), but even when the server is receiving the commands, it is not returning anything to the telnet client. Any ideas?

ch2/tcp-scanner-final/main.go

When I run this code and it detects an open port, the program can't disconnect the connection.
I changed the net.Dial function to net.DialTimeout, and it runs well.

Error getting smb package in chapter 6

I bought the book on Amazon. Currently I am reading chapter 6, SMB, and I get this error: "Repository not found".
I am using Visual Studio Code. I have no problem with "go get" for other libraries, only with this smb package.
Please help.

PS E:\Go Pen> go get github.com/bhg/ch-6/smb/smb

cd .; git clone -- https://github.com/bhg/ch-6 C:\Users\PC\go\src\github.com\bhg\ch-6

Cloning into 'C:\Users\PC\go\src\github.com\bhg\ch-6'...
Logon failed, use ctrl+c to cancel basic credential prompt.
remote: Repository not found.
fatal: repository 'https://github.com/bhg/ch-6/' not found
package github.com/bhg/ch-6/smb/smb: exit status 128

Errata: Chp 2 pp 36

👋

Making my way through Black Hat Go print release.

Noticed one small point of error between code here and in the book so far.

pp. 35 maps to ch-2/echo-server#L4 but unfortunately is missing io import compared to the code :(

The book only reads

import (
    "log"
    "net"
)

Module Handling

Since this book was written, module usage has changed enough to make some of the examples difficult to do properly. For example, in the Chapter 3 Shodan example, you create a shodan module within a separate directory and utilize that package in a main.go but the examples here don't account for importing properly and there is no mention in the text either... may want to consider revising some of that to be more current.
