Download "Онлайн-обучение Python за 3 дня"
%3Aformat(webp)%2Fi.ytimg.com%252Fvi%252F2Yw1LFnGIc0%252Fmaxresdefault.jpg&w=1139&q=75)
Table of contents
Similar videos from our catalog
%3Aformat(webp)%2Fi.ytimg.com%252Fvi%252F6osCYYcbuww%252Fmaxresdefault.jpg&w=1139&q=75)
%3Aformat(webp)%2Fi.ytimg.com%252Fvi%252F8g1GFqag65I%252Fmaxresdefault.jpg&w=1139&q=75)
%3Aformat(webp)%2Fi.ytimg.com%252Fvi%252FBoKwiRB6MmY%252Fmaxresdefault.jpg&w=1139&q=75)
%3Aformat(webp)%2Fi.ytimg.com%252Fvi%252FJ1HiR3XwpJ4%252Fmaxresdefault.jpg&w=1139&q=75)
%3Aformat(webp)%2Fi.ytimg.com%252Fvi%252FL3q-N57dJNo%252Fmaxresdefault.jpg&w=1139&q=75)
%3Aformat(webp)%2Fi.ytimg.com%252Fvi_webp%252FOh0oSgJAS9w%252Fmaxresdefault.webp&w=1139&q=75)
%3Aformat(webp)%2Fi.ytimg.com%252Fvi%252FUhjv--SY43U%252Fmaxresdefault.jpg&w=1139&q=75)
%3Aformat(webp)%2Fi.ytimg.com%252Fvi%252FcX7_jFNUuTU%252Fmaxresdefault.jpg&w=1139&q=75)
%3Aformat(webp)%2Fi.ytimg.com%252Fvi%252FubhF4udP-Wo%252Fmaxresdefault.jpg&w=1139&q=75)
%3Aformat(webp)%2Fi.ytimg.com%252Fvi%252Fyms1G4541dc%252Fmaxresdefault.jpg&w=1139&q=75)
Video tags
Subtitles
Russian
00:00:17
[music]00:00:26
[music]00:00:41
[music]00:00:54
[music]00:01:09
dear friends, good evening everyone, Moscow00:01:12
eight o'clock in the evening and we00:01:13
We are glad to welcome you on the second day00:01:15
our minton power of dedicated hacking at00:01:18
language therefore before we continue00:01:20
let's set up our broadcast according to tradition00:01:22
please write to the chat if we have everything00:01:24
is the sound okay and is everything okay?00:01:26
with the video, as always, I’ll remind you what for00:01:28
our broadcast00:01:29
there is a separate page for life.00:01:31
skillbox dot ru slash code below00:01:34
underscore hear online flash00:01:36
we read today's date here00:01:38
your comments and respond to yours00:01:40
questions will also be very cool if you00:01:43
write if you watched us yesterday00:01:45
online or watched in recordings00:01:47
and for the new arrivals we will introduce ourselves00:01:49
online university skillbox00:01:51
present moment of learning in all our00:01:53
over 35 thousand programs are already taking place00:01:57
students we have independently developed more than 14000:02:00
training programs and in fact at present00:02:02
moment is the only one who has a unique00:02:04
own training format00:02:06
permanent educational system00:02:08
supporting our students at all stages00:02:10
training and of course quality assurance00:02:13
but all this would be simple00:02:15
impossible without our key partners00:02:18
leaders in areas such as marketing00:02:20
design and of course first of all00:02:23
programming we live and work and00:02:25
We are still working on October00:02:26
so 100 want to come visit00:02:29
excursion only conditions00:02:30
We still set to sign up in advance00:02:32
battle your he is the main man in python00:02:34
in Russia in my opinion hello everyone00:02:37
hi let's check nekit comments00:02:39
is everything okay with us, he looked at00:02:41
online I look great at online himself00:02:44
everything is fine its online and in the recording this is it00:02:47
even better, everyone writes beautifully to us00:02:50
great video and sound00:02:52
ok ok ok then what to wait then wait00:02:56
nothing will happen Nikita I’m telling you00:02:58
presentation control panel itself00:03:00
I'm leaving in the comments00:03:02
maybe friends that is in progress today00:03:04
broadcasts as a moment in time00:03:06
disappeared and only one will remain00:03:08
Nikita but I know that you even to yourself00:03:11
we thought it would be great that this would happen00:03:13
Well, I don’t know, but that could be why00:03:15
just warning you hockey Nikita and00:03:18
on the second day what awaits us00:03:20
what awaits us today of course00:03:22
First of all let's talk about home00:03:24
there was a lot of work, but all I00:03:27
looked looked through realized what happened00:03:30
what didn't work out is all with you00:03:32
we'll figure it out then you'll actually write this00:03:35
lock faster lock say00:03:39
brute force so you and I will rise here00:03:42
counter let's do it with therefore and then00:03:45
was to send requests there in order00:03:47
to hack authorization before that00:03:49
of course we will talk about what in general00:03:52
represents00:03:53
authorization well let's go explore a few00:03:57
theories it will definitely give us an idea of00:04:00
what does the interaction between00:04:02
client and server so that we00:04:04
even understood exactly what behavior00:04:06
us expected horse and may what mistakes00:04:08
and the results are errors on what00:04:12
results are success then we00:04:16
let's try to figure it out00:04:18
blocking yes we will try with one00:04:20
hand protect yourself adidas still with00:04:22
on the other hand, get out of this blocking00:04:26
and in general, let’s look at whether this is true00:04:29
Just00:04:30
write a blocking that can be bypassed00:04:33
it will be difficult and then we will improve00:04:36
Let's look at several methods of our attack00:04:39
how can you do the same thing there?00:04:41
faster and better quality and so on00:04:45
that's all for today for tomorrow00:04:48
The only thing left for us is this type of glasses00:04:50
we'll take it there and don't give it from ours00:04:54
I'm afraid of this word of [ __ ] code that00:04:56
Today we’ll just write it in folders and collect it00:04:58
there's a whole cool app there00:05:00
let's comment on it, we'll do it with him00:05:02
the interface is good by the way00:05:07
interface I just want to say thank you00:05:10
these guys who do their homework00:05:12
didn’t just write while true there and00:05:16
request for just exactly that simple00:05:23
request00:05:24
just one harmless request that00:05:26
sent to a bunch of servers somewhere00:05:28
thousands of times those that can be purchased00:05:30
got confused00:05:31
and did cool things like they00:05:35
ask the user at startup00:05:37
programs what kind of site does he want, how many requests?00:05:42
time he wants to do some guys00:05:44
made cool improvements like took and00:05:49
and launched this attack in streams, that is00:05:53
made a lot of requests at the same time00:05:55
to make them happen faster00:05:58
what else was interesting?00:06:02
the guys who sent the finished pieces00:06:04
code to attack some specific00:06:06
servers it was very interesting and funny00:06:11
read in general in general everything00:06:14
those who sent to completed the task00:06:20
over there00:06:21
if you have it, it started00:06:24
the bulk of this homework00:06:25
you and I have completed, that is, concrete00:06:30
the code is running and that means you can00:06:33
it’s time to write some more complex ones00:06:34
things like doing a second home00:06:37
task before its text I will say today in00:06:40
end of the webinar00:06:42
but unlike the first one we have for him00:06:45
they will call for maxims that we have00:06:49
for prizes prepared for solving up to 200:06:52
homework that you haven't done either00:06:54
so simple to 1 I will remind you and thank you00:06:56
great thing you mentioned about this we are in00:06:59
at the very end00:07:00
on the third day we will draw 3 certificates00:07:02
to receive a discount of thirty00:07:05
thousand rubles to buy absolutely any00:07:08
courses from our online line00:07:10
university skillbox00:07:11
and this will be a discount of 30,000 rubles00:07:14
sum up with our New Year's00:07:16
sentence is the same story00:07:19
great today we will announce it before00:07:24
Tomorrow we should send this in this00:07:26
models some deadline let's say 1900:07:30
until 3 o'clock now there's a wood burner so I can have time00:07:33
still look through all the homework here00:07:35
then we will draw, choose 3 random00:07:39
winners00:07:40
so let's go let's go first00:07:46
Let's start with theory and then switch to00:07:48
practice means today our topic is00:07:52
evil brute force00:07:54
and the first thing I would like to talk about is00:07:57
in general how the network works when you00:07:59
come to some interview00:08:01
you are asked various tricky00:08:04
question and when they want to check, do you know?00:08:07
you how the internet works how it works00:08:11
the network may ask you how but what00:08:14
happens when you type from in the browser00:08:16
from some site and there is the answer00:08:20
can be given at any time expanded00:08:22
there is even a repository on Github where00:08:25
people from all over the world fold and00:08:27
add more additional steps00:08:28
What00:08:29
it still happens so much00:08:31
the question has become popular and so often00:08:32
they ask him that the whole group has already gathered00:08:35
encyclopedia on the topic of this question but in00:08:39
in general, whatever happened there until if00:08:41
discard the signal that went to00:08:44
motherboard when clicking there00:08:46
keyboard buttons globally00:08:48
there are three main steps going on there first00:08:51
step is to determine the server ip on00:08:55
which you send the request and00:08:57
establishing a connection to this server then00:09:00
there are sites they have names but this00:09:04
im this is their this is their id yes this00:09:09
just a mask to use for them00:09:11
can you contact me, my name is Nikita00:09:16
but I have a specific one in my passport00:09:18
number where you can call me00:09:20
identify that is, a certain dead person00:09:23
anyone and to find out00:09:25
where is the real address of this server?00:09:27
you need to contact the browser when in00:09:31
write this or also look to request00:09:34
and when you write the website address in it, it00:09:38
asks and special systems that00:09:40
for us the system is called pre-war00:09:42
systems real site address is four00:09:45
numbers separated by a dot and here for Google00:09:47
for example they look like such giants00:09:49
as it was not have many picnics and in00:09:51
depending on which one is closer to you00:09:53
and the request will go00:09:54
but it would just be different if everything00:09:57
connecting the panel to one server then this00:09:59
the server would not be able to withstand such a load00:10:01
here's one way00:10:02
scale to drivers a lot00:10:04
stove makers are then installed00:10:10
connect no yes and accordingly well00:10:16
such an event occurs as this is the goal00:10:19
open on site there00:10:20
handshake of the so-called who are there00:10:23
happens in three steps we ask00:10:25
Google00:10:26
are you ready to answer us he00:10:29
he says yes, I’m ready and we talk to him about00:10:32
whoa then get information the same day and00:10:35
at this moment00:10:36
the tunnel is open it's all happening very00:10:39
at a low level this is not very good for us00:10:40
interested today00:10:41
wondering what will happen next00:10:44
the request will be generated in a special00:10:48
protocol called eat00:10:49
now they will be sent to the server and00:10:51
the response that the server will also send00:10:53
will be sent in the protocol now it00:10:56
very simple yes it consists of00:11:00
corresponded to the three main blocks it00:11:03
resource address on this server, that is00:11:06
let's say if we went to google.com00:11:09
then the resource address would be default00:11:12
that's just slash, what if we allowed00:11:14
go to google.com and become00:11:16
would you indicate what text we want in00:11:20
Google search for the address to resources00:11:22
would contain this entire line which00:11:24
comes after the first class we indicate00:11:26
give the first line also what00:11:28
contact using http00:11:29
we are talking about making a get request00:11:31
there are simply different types of agent requests00:11:34
this is to get some information00:11:36
paste for creating an object, roughly speaking00:11:39
on server00:11:40
or just sending some complex00:11:43
data that is here in one00:11:44
I didn’t fit the line, but there are also different ones00:11:48
less popular ones will arrive there00:11:50
head there are a lot of them for us00:11:53
you only need two: get and post00:11:55
then the haders are indicated in the following00:11:58
lines these are special lines00:12:01
to which which are divided by a colon00:12:04
on the left is the name of the title and on the right00:12:08
with 3 meanings let's say when we go00:12:11
on the site you beams we can indicate in progress00:12:14
that we are accessing the site google.com is00:12:16
will allow google to determine what is up to it00:12:19
the request did not arrive through some other00:12:21
tail through this one and there is also00:12:24
all sorts of support staff that00:12:27
indicate additional information on00:12:31
request this information then00:12:34
yes, let's say we don't talk about the request until00:12:37
that we want to get some kind of the same topic or in00:12:40
answer we can indicate the progress of the reaction00:12:43
and the wait wasn't anything like00:12:46
written in the given example write00:12:49
there is accent text html and something like this00:12:51
and then just 9 than you can’t be more precise00:12:56
but that would be a mistake, you can also00:13:01
send post requests and not unlike00:13:05
where queries also have a third part00:13:08
after the frames there is just an empty line00:13:10
empty line starts just the body00:13:13
request here is the request gene for such a body00:13:15
There is not00:13:16
it is only available in post requests00:13:19
get involved in requests and in my opinion all this00:13:23
the body may already contain some00:13:26
complex information for example we can00:13:29
there pass jason object frame we00:13:31
yesterday we talked about Jason00:13:32
as a way to log in, for example00:13:35
a popular authentication method00:13:37
looks exactly like what you send to00:13:40
server g sonchik and there is a login field and00:13:43
password field they can be called differently there they00:13:45
may be with some others00:13:48
additional information at .00:13:50
our overall everything looks exactly like this post00:13:53
request but let's say slash login and00:13:57
transmitted in the body00:13:59
Jason and in the fight by the way we can00:14:02
the server is not confused so that he knows for sure00:14:04
what does Jason need to point out to him?00:14:05
special header content type reproach00:14:08
in the forest like this00:14:11
accordingly this is the second step00:14:14
finished and now the third step the server is not00:14:17
answers with some information and we00:14:21
We are waiting for information00:14:22
and 7 accordingly is already here00:14:26
http response and it has a slightly different00:14:29
the format is actually very similar00:14:32
it also has headers but there may00:14:37
be a set of headers it's different00:14:39
which could be this but in general00:14:41
the structure is the same there is a key before that00:14:43
values and also has a response body00:14:47
which in the case of Google is acceptable00:14:49
including include some html00:14:51
structure and here is the first line00:14:54
different there is no longer a resource address00:14:56
which we treated from00:14:58
there is a status, the response code is this status00:15:02
you know the code yes 404 not found00:15:05
a popular error is the status code which00:15:08
indicates that the requested resource00:15:09
not found this means that's what you are00:15:12
did there, let's say get flash and some00:15:16
the path of this path on the server is not00:15:18
exists this is an error 400 404 there is a class00:15:22
errors 400 it includes 400 it's simple00:15:26
abstract error caused by the client yes00:15:29
there 401 to 2 402 payment 40300:15:33
there exo will do 404 not found00:15:37
405 method and so on and so on00:15:39
in general, for every situation that can00:15:41
adventure put this code 50000:15:44
mistakes happen error happened by00:15:46
it's the server's fault, that is, you got something from him00:15:47
requested00:15:48
but it’s not your fault because you didn’t send00:15:51
correct request something bad happened to the server00:15:53
they say service 500 before or there service00:15:56
Yandex so when it doesn't work00:15:59
here are 200 stat codes and does not mean that00:16:01
everything went well that the request was completed00:16:05
successful case with Jason us also00:16:09
can convey some kind of00:16:13
information in the form of Jason00:16:16
we can also parse it00:16:19
make sure everything goes well and washes well00:16:22
all three steps that the request takes place00:16:26
now about authorization and00:16:29
go down00:16:30
let's talk about these terms and don't need them00:16:33
Many people call it a mistake to pay00:16:37
authorization authentication and vice versa00:16:41
there is a little difference00:16:42
it is that authentication is00:16:47
so now I’ll formulate it correctly so that00:16:50
don't get confused authentication is a process00:16:55
checking that your username and password are00:17:00
correspond to each other, that is, this00:17:02
checking what you have at all00:17:06
access the requested resource now00:17:11
there is a subtle difference, it is necessary00:17:12
distinguish authentication it results from00:17:15
gives you some talking which you00:17:17
then you can use it as00:17:21
confirmation that you have access00:17:24
authorization is a check of specific rights00:17:27
let's say when we go to the page00:17:31
defecation well there on the page00:17:34
we call the login as he likes on VKontakte00:17:36
or Facebook we come process00:17:38
authentication, that is, we confirm00:17:42
what we are we are such a synonym for00:17:45
identification or something when really00:17:48
so you say half the password and you00:17:50
they give you the kind with which you can do everything later00:17:54
your resources request all yours00:17:55
actions on behalf of oneself to perform a process00:17:58
authorization is when we are already with it00:18:00
I want to come and talk like that00:18:04
publish a post I want to get there00:18:08
list of available friends and so on here00:18:11
but those who try just use aus00:18:15
yeah there's a reduction there and don't worry about it at all00:18:18
Well, today we will need exactly00:18:21
pass00:18:23
there are different ways to authenticate00:18:27
how can this be done for example first00:18:31
the way it includes generally00:18:33
throwing away is a reason for modification00:18:36
includes00:18:38
next story you are in one of00:18:41
encrypt the request headers using00:18:44
special algorithm your login and00:18:47
password and it looks like this auto00:18:50
reception: basic and there is some hash there00:18:53
And00:18:54
when the server sees this and authorization00:18:57
he understands that with the help of this00:18:59
you can log in00:19:01
it decodes it in a special way00:19:03
gets your username and password from there00:19:06
which you went there and then already00:19:10
check but as soon as he came and00:19:13
carried out reached that one and gave him the password00:19:15
corresponds, that is, this is the way00:19:18
when you at every request00:19:20
simply send your login and password to00:19:22
as such such in particular and such00:19:29
some ancient people use this method00:19:32
site tits for a simple reason if someone00:19:36
will intercept your games then he will forever00:19:38
will have access to your site00:19:40
he can also password on your behalf00:19:42
change and you will also lose access to00:19:45
this site00:19:47
much cooler is the diagram when you send00:19:53
request login and password once00:19:55
then in order to00:19:57
after all, do some information00:19:59
You send http requests specifically00:20:01
given to you by the server in response to00:20:04
modification of a token that will expire yet00:20:06
in 15 minutes let's say if you're okay00:20:08
won't do it especially in banks00:20:12
used here neighbors also works00:20:14
only there this token lives before that00:20:16
not 15 minutes, but let’s say a month there if00:20:19
a month later you go to the browser and nothing00:20:21
I do it on the site, it’s most likely00:20:24
will ask you to log in again here00:20:26
banks, that’s actually how he lives 1500:20:28
minutes and you if you do nothing00:20:31
we will deny you access because00:20:33
that you never know who will approach your00:20:34
the computer will still have it later00:20:38
it's expensive, that's how it works00:20:44
simple authorization modification and00:20:48
today we are with you this process of defecation00:20:50
let's implement it by the way00:20:54
slightly wrong slide this slide00:20:59
describes exactly how this happens00:21:02
Here00:21:03
authentication with authorization via00:21:05
temporary these are taken and they00:21:08
are called cookies and are not placed directly00:21:11
to the browser that is when you do00:21:13
special request science defecation its00:21:16
login and password00:21:17
but it could be jason maybe00:21:19
some forum dates like this in the picture00:21:20
shown when separated by an apostrophe00:21:24
key and value are more precisely different different00:21:28
variables up to key and value through00:21:30
I'm sorry and then the browser is for you00:21:33
succeeds using special moves once00:21:35
from the pile in this purchase it will save you00:21:38
in the browser and then automatically with00:21:40
each request is sent to the server and to00:21:43
you can already request this request00:21:45
any date that is available only to you and00:21:47
since this frame will be included in the request00:21:51
these requests will occur successfully then00:21:54
there is this frame that just00:21:56
in general, requests will be added and00:21:57
further you will work as if00:21:59
he wasn't here like this today we are with you00:22:04
we will send accordingly00:22:05
this same request using jason00:22:09
and in return we will expect 200 ok everything00:22:12
we are not interested in the rest if you00:22:14
received 200 ok, which means the hack is complete00:22:17
it means they got the payoff00:22:19
then we do whatever we want with her00:22:21
We will cover this part today, well00:22:23
all the theory is over, the polls are even00:22:29
I have a question if you allowed this00:22:31
part of the interrogative make them would be00:22:34
grateful to you00:22:35
I'll start with a question, I suddenly while ours00:22:38
viewers generate their questions I yesterday00:22:40
very quickly told about our big00:22:43
professional annual program00:22:44
just in the direction of the language python with00:22:47
job guarantee program itself00:22:49
by itself annual00:22:50
consists of four parts we teach with00:22:52
absolute zero with amazing00:22:55
teaching staff00:22:56
individual mentor checks00:22:58
homework, graduation projects and00:23:01
so you think next00:23:04
employment00:23:06
so yesterday there was quite a lot00:23:07
applications promised, I'm sorry, what if they00:23:12
If it's 200 then we'll make an extra one00:23:14
surprise but there were no more than 120 of them00:23:18
too much today we are very much00:23:21
students were advised just the same00:23:22
on issues dedicated to training00:23:25
possible in this direction from those00:23:28
who talked to my colleagues00:23:29
career consultants friends I want00:23:31
so that you write to me now in this chat00:23:34
feedback and your impressions and00:23:36
emotions from communicating with my colleagues00:23:38
career consultants liked it00:23:40
you may not receive a course consultation00:23:43
liked it if you liked it than if00:23:46
I didn’t like the question either because00:23:48
what for me as a leader00:23:50
directions are very important I repeat00:23:52
that we really have an annual00:23:54
language program therefore with a guarantee00:23:57
employment therefore if for any reason00:23:59
reasons you haven’t heard the draft program00:24:02
yesterday which is of course unlikely00:24:05
maybe I would like you to00:24:06
done while we have a promotion with00:24:08
50% discount on tuition for00:24:12
for this course I want you to just00:24:13
managed to leave a request how to do it00:24:16
click on the button to get a special00:24:17
The proposal is just to indicate here00:24:19
own name00:24:20
email phone number and click on00:24:22
button get access tomorrow with you in00:24:25
my colleagues will contact you during the day00:24:27
career consultants about everything for you00:24:29
they will tell you so that you can make a decision00:24:32
important point that I didn't tell you00:24:35
yesterday it often happens that our viewers00:24:37
waiting for the third day, waiting for the end is not enough00:24:41
can there be a certificate of no sunbathing and00:24:43
I would like to save 30,000 rubles and00:24:45
this predetermines their future00:24:48
behavior in that regard to register on00:24:50
course or not, I'll tell you so much00:24:53
the number of cases was unfortunately00:24:55
when a person received a certificate for seats00:24:57
on the course itself we no longer had well00:24:59
it's just that other people bought them that's why00:25:02
if you are somewhere too00:25:03
fantasized about that00:25:06
that I'll wait until the end of Saturday and be there00:25:09
what will happen there maybe you didn’t like it00:25:10
program I use it without a certificate00:25:13
I'll sign up but I'll still wait00:25:15
colleagues, don’t expect it to be much easier for us00:25:17
give you something else, for example00:25:19
one course for the same 30 1000 rubles00:25:21
maybe even a little more if you already00:25:24
sign up for the program therefore00:25:26
so I just have one request for you00:25:27
don't delay, I see we've arrived00:25:30
comments00:25:31
this is great if I may literally00:25:32
a couple, Ivan writes that I liked everything00:25:37
the consultant beat it very00:25:39
professional, thank you very, very much00:25:41
thank you for such a comment and that's enough00:25:43
It was nice to communicate, I didn’t interrupt00:25:45
asked myself questions but this quote says00:25:49
Lena but while reading I was dumbfounded and remembered that00:25:52
I only wanted it when my hand turned on00:25:55
Elena you can leave a repeat00:25:56
request to re-communicate with non-colleagues00:25:58
no big deal, didn't like the price00:26:01
writes Vladimir Vladimir00:26:02
annual program with individual00:26:05
communication with the speaker with checks of your00:26:07
homework graduation projects00:26:10
There are no job guarantees by default.00:26:13
may cost 58 thousand rubles more00:26:15
with endless updates for free00:26:18
imagine that I don’t know, you bought it for yourself00:26:21
computer or TV and you have it00:26:23
endlessly updated and you say that00:26:26
this one is a bit expensive, sometimes it's two expensive00:26:29
1 expensive it seems to me that this is not what it is00:26:32
costs00:26:33
this one this one kind of expensive how do I like it00:26:36
I share00:26:37
the second type is expensive, for example I would00:26:40
I took a taxi, I can afford it00:26:43
take a taxi but today is now00:26:47
it's expensive for me here00:26:49
understand yes the difference so if you00:26:52
Do you think the program is not worth it?00:26:54
you are mistaken there is not a lot of money invested00:26:57
the amount of resource strength and the format itself and00:27:01
the actual conditions for training00:27:04
it costs a lot more now00:27:05
the program comes with a 50 percent discount00:27:08
if yours is expensive, this is the second most expensive00:27:10
when can I just right now in this00:27:14
unit of time, well, I don’t have it, for example00:27:16
this amount although I like everything without00:27:18
It’s just a problem to apply for an installment plan00:27:20
I repeat that it is interest-free00:27:23
split payments into if does not change00:27:26
memory 2400 there with some00:27:30
in tiny pennies up to 2438 rubles per00:27:35
month is also your first payment00:27:37
it will be in the twenties of January, I'm sure00:27:40
is that no matter who you are00:27:42
where do you live who do you work what00:27:45
if you study, 2400 rubles per month is possible00:27:49
always make money so unfortunately00:27:51
I have to disagree with you on the bonds00:27:54
comments you Vladimir I thank you00:27:57
Vitalik Orlov asks is it possible?00:27:59
pay monthly or annually00:28:01
thank you vitalka thank you very much for00:28:03
this question you can pay all at once00:28:05
program if you don’t have all the money without00:28:07
problems, you arrange it all through banks00:28:09
fortunately, we cover all interest for you00:28:12
that is, the final payment to the bank is outside00:28:15
depending on00:28:16
is it one year or two years exactly the same00:28:19
58 thousand 500 rubles for the entire annual00:28:22
just choose the program00:28:24
start solely from your own00:28:26
budget is in the moment00:28:30
Mark writes the program top will wear Mark well00:28:33
take it in installments00:28:35
I'm sure that in two or three months00:28:37
money will appear money will come as00:28:40
or according to this song they leave it00:28:42
it’s normal that they may not be available at the moment00:28:45
maybe it's normal too00:28:47
your situation doesn’t surprise anyone00:28:50
now there is an opportunity to get something00:28:53
beautiful00:28:54
50 percent discount next time00:28:58
the same conditions will be in a year you are for00:29:01
this year they could already change two00:29:02
the work is already working just great00:29:05
employee above while doing00:29:08
my favorite thing about programming is this00:29:09
take a deferment just take the payment00:29:12
divide it into 24 parts and after a month00:29:16
only there will be only 1 in the amount of 2,400 but00:29:19
okay, the truth is 2300 rubles, well00:29:23
stop stop it really don't00:29:26
I'll stop selling codes at school00:29:31
I can’t say that the games are from the late 90s00:29:36
2400 rubles a month but I earned00:29:40
you can always find much like this00:29:43
become an information programmer00:29:48
database technologies and all this already00:29:50
it was guys everything is repeating itself ok very00:29:56
had a great conversation with the guys00:29:58
answered all questions in about 30 minutes00:30:00
listened to all my delusional and now the best00:30:03
the result can be consultations00:30:05
victory deserve a bonus00:30:07
Thank you Ivan Sevastyanov writes to me00:30:14
the consultant himself said to wait for the end00:30:16
Well, you too tomorrow, my husband and the coils00:30:20
we'll make sure they don't misinform00:30:23
microgrids in one format but also time in00:30:25
that no they didn’t do it on purpose Ivan00:30:30
wrote yes Ivan I read the comments00:30:32
about waiting for intel to finish00:30:34
sat down just in case leave again00:30:37
application tomorrow with all my00:30:39
colleagues say tomorrow we are all together00:30:42
let's go out as a friendly family and work with00:30:44
everyone communicate perry advise00:30:47
Tomorrow I know it's Saturday a lot of trouble00:30:49
because December 31st is a working day00:30:52
so I'll have to go home tomorrow00:30:55
clean up and buy some gifts there00:30:58
things to do in general everything tomorrow this00:31:00
we will study together in parallel00:31:02
consulting the program therefore00:31:04
so leave it just in case00:31:06
chelsea fan the application will be fine00:31:11
Dmitry is asked to do so00:31:14
I called Dmitry00:31:16
this is very flattering, I'm absolutely sure00:31:19
what is certain is that my colleagues absolutely00:31:22
they definitely know as much about this as I do00:31:25
program especially since they love their00:31:29
work and might actually be somewhere00:31:31
knows even more than me, so feel free00:31:32
leave a request for you I will choose because00:31:37
all my colleagues are the best00:31:39
but I will choose the best among equals for you00:31:43
Larkin writes such words better himself00:31:49
study books tutorial and if you00:31:51
courses on websites are more profitable than words completely00:31:56
I agree with you but this is all very important00:32:01
depends on what goal you set00:32:03
before training if this is some kind of project00:32:06
for yourself and you don’t expect money from him00:32:10
the power of some huge amount00:32:13
information at the moment you can probably go there00:32:15
learn it on your own at least00:32:17
free question about what you expect from00:32:20
the program itself, everything is simple with us00:32:22
we have experts we have support we have00:32:25
there is a job guarantee we have00:32:27
many many many people who work00:32:29
so that as soon as possible the person00:32:31
got certain skills and we take00:32:34
but it's money because it costs money00:32:36
the question is why are you going if for you00:32:38
programming this career and career with00:32:41
absolute confidence that you are her00:32:43
you can build it quickly, come to us00:32:46
pay money we will be happy to help you00:32:49
if it's more of a hobby00:32:51
some distant know how often00:32:54
sometimes there is a separate folder somewhere in00:32:56
In my browser it is called for example00:32:59
At night, looking at it there is order, it seems to me00:33:01
blue thousands of videos from youtube and which I00:33:04
every time I promise myself or watch it00:33:07
or look unfortunately00:33:09
self-study very often00:33:11
leads exactly to this folder with seven00:33:13
thousands of videos that you have never seen00:33:14
don't look at life but their presence is00:33:16
gives you some00:33:18
It seems to me that inner strength is temporary00:33:20
although it doesn’t play any role therefore00:33:22
the important thing here is to just decide why you are00:33:24
let's go study, I'm in tenth grade00:33:34
can I combine your school course?00:33:37
the same one writes in a useless program00:33:40
he doesn’t want the ruble school curriculum but00:33:43
until usually you can become a member of our online00:33:46
combining schools and the school method is very00:33:47
good time to start that00:33:50
when studying yes yes friends thank you very much00:33:58
I said everything I wanted to say00:34:03
I think we're ready to move on00:34:07
really starting what needs to be done00:34:13
we need to write a server today to00:34:15
there was something to break and to feed it00:34:17
it's extremely easy to do, eat as always00:34:19
the necessary library that already has everything00:34:21
the library made us so that00:34:24
do servers they are usually called free00:34:26
slides and there are two most popular ones on00:34:32
food free bar to this laska and djungar00:34:34
the market between them is to00:34:37
Lask is very simple and django is very00:34:39
complex00:34:40
there are a lot of different things written there00:34:42
modules that make your life easier and00:34:44
they directly provide their ideology about00:34:47
how to write to write servers on00:34:51
bag end and it's cool with pleasure00:34:55
I would tell you about dzhang00:34:57
but our task now is to do this00:34:58
as quickly as possible so we will move on to00:35:00
flassu00:35:01
Yesterday we went to a class00:35:04
dad's website. lesson and searched here00:35:07
libraries00:35:08
and the following library which us00:35:10
interested in the name of the flask it looks like00:35:14
server on flasks like this00:35:16
I'll increase the hour to watch what to do00:35:19
start the server that will be for you00:35:22
give hello world00:35:23
roughly speaking, you need it in the browser00:35:25
import from flass when00:35:27
corresponding object corresponding00:35:30
class for creating00:35:31
application and define this one there00:35:36
the resource address is just simple and basic00:35:38
which this clone will give yo everything00:35:40
he takes it and goes down with the help of such00:35:43
libraries I have already prepared the server code00:35:46
you and I are just on it now00:35:47
Let's look at the code, I got forty00:35:51
three lines00:35:52
let's read it accordingly in00:35:57
in the basic version everything was the same00:35:59
the only thing is that it’s my very first time and you00:36:02
first what is it called in jargon00:36:06
as a programmer the very first view of the move00:36:08
like this again view before viewing she00:36:11
it's called challah and it gives us back00:36:14
statistics statistics of attempts and successes00:36:18
we just need inputs00:36:20
today with you to observe what00:36:22
generally happens and then I determined00:36:27
function and the court did it too00:36:29
at least one that works using the fasting and00:36:32
if we heard send 2 with information00:36:36
in which there will be a login and password, by the way00:36:41
here meniji by Sonechka is used00:36:42
some kind of shape, well, I promised you a sofa00:36:46
so it's all just Jason now00:36:48
let's rewrite yes, that is, we had some kind of data there00:36:51
there was some kind of request. Jason00:36:56
this request has. Jason was00:36:59
matched the login and password in this00:37:03
in the case of login, yes this is the login here00:37:08
in principle nothing complicated, but in the case of00:37:10
password00:37:11
This00:37:12
password x rebirth00:37:16
role like this then00:37:21
when the login and password are known00:37:24
it is necessary to check whether they are valid00:37:27
In general, this is usually done by connecting bacon00:37:31
some database where it's all00:37:33
a simple database is stored here00:37:36
I just used a file, I didn’t use it00:37:38
hard goat right here in this file00:37:40
like we did yesterday just because00:37:42
I will need these passwords eventually00:37:44
update and to ensure that this server is at least00:37:46
start every time yes it all came out00:37:48
I brought out the file, it also consists of, by the way00:37:53
presented as jason is here00:37:56
keys and values as login keys00:37:59
as password as value00:38:03
password and we just open it with00:38:05
using this design in Python00:38:07
we load and we can continue like yesterday there00:38:10
check if each other matches00:38:11
login and password to explain what00:38:14
So this design is here00:38:16
a small example painted which on00:38:18
it actually works exactly the same way00:38:21
opens a file using the open function00:38:24
read its contents with help at close range00:38:26
glasses jason because the same dream and00:38:28
then closes the file the only thing00:38:31
this is the closing of the file which is00:38:33
very important because every time00:38:35
request to open a file and not close it00:38:37
it could be deadly00:38:38
for the server and00:38:41
just to remember to do this00:38:43
came up with a design from which00:38:46
will execute the opt-in calls for its result00:38:49
functions users file and the output from this00:38:51
Pavel will simply close the block behind her00:38:54
this is a special whist design00:38:56
which00:38:58
in the case of a function it behaves like this00:39:01
finally closes this00:39:04
the file is open and what happens next00:39:08
now since we users read from00:39:11
bessonov python object they00:39:13
turned into just a dictionary00:39:14
we take login we take password00:39:20
corresponding to this camp and00:39:22
compare it with what they sent us00:39:24
the only thing they do here is check00:39:27
that this login exists and if everything00:39:30
went well, we will increase our counter00:39:33
good luck by one and note that the status00:39:36
code 200 aw if the check is not00:39:42
succeeded then we will answer I put 4 400 first yes00:39:46
this is a special code with typical00:39:47
situations when you are not logged in00:39:51
accordingly this thing turns around00:39:54
special response object which00:39:56
turns to pick up and now the Spaniards00:39:58
and goes outside and but what's here00:40:03
something else interesting happened, and also when00:40:07
every cast I have a certain amount00:40:08
attempts increased by one00:40:10
I'm just in the dictionary this one00:40:12
are stored at the end I have a launch00:40:16
this server, that is, the application is needed00:40:19
be sure to run it now00:40:22
I'll try python if possible00:40:25
restart applications because and00:40:26
I changed the code and she offers me a tail00:40:31
immediately on which this site is available00:40:34
this is the localhost of the local computer00:40:35
available only on our flame00:40:40
running computer, that is, you00:40:43
I will have my own so that he00:40:45
has become global, it still needs to be there00:40:48
public stove maker allocate and herd 70100:40:51
this is what it says that means yours00:40:55
local computer buy closed allow00:40:58
users to the key to attempt 0 1 0 this00:41:02
worked in yuha the very first if I still00:41:05
I'm confused here, I should write the html code00:41:07
there was another beautiful site here00:41:09
displayed but also00:41:10
Now they themselves are not at all interested in it00:41:15
attempt points 0:00 was 0 we are coming soon00:41:18
Let's turn to the north and watch00:41:21
Let's try this with these statistics00:41:26
write a simple request to this server00:41:30
aus, and at the same time we’ll see how it should be00:41:33
looked like homework00:41:34
well let's just try first00:41:38
turn to 701 and let's see what it is00:41:41
in general it turned out so you and I yesterday00:41:43
stopped at what they tried to Google00:41:46
contact us and let's do the same00:41:49
files00:41:50
Let's add what needed to be done there00:41:52
homework was just needed in a cycle00:41:56
the guys who figured it out00:41:59
guessed that there is a range function00:42:02
which00:42:03
let's send a request 10 times which00:42:06
accepts input accordingly00:42:08
some kind of cleaner and as a result it gives00:42:10
and the required object by which you can00:42:13
walk as many times as written00:42:16
there may still be cotton wool in these brackets00:42:20
or on and meaning let's what are you there with00:42:21
some steps to walk and but this is now00:42:22
it doesn’t matter and let’s say a thousand times00:42:27
sent a request to Google00:42:28
this would be a home solution00:42:30
the assignments were quite correct00:42:33
don’t even write prints and don’t even write00:42:36
texts00:42:38
in this even simple version where are those00:42:42
who hasn't figured out the design of the ranch00:42:43
just rewrote it into while loops there00:42:45
we have studied everything you need to know00:42:48
there would be a variable thousand defined00:42:50
times and increased and in the end she00:42:52
would exceed a thousand00:42:53
and requests and stopped and so on00:42:59
now interested we want to send00:43:01
request http 127 001 well just above but00:43:08
flash and now we want in the answer00:43:11
get on the frequencies yes let's do the same00:43:13
like last time you see the text00:43:15
which turned out there00:43:19
bubbles max 3 three sitting yes I am of course00:43:23
same for was port specify port specify y00:43:25
we have a server running there with 5000 on board00:43:28
by default if the port and indicate this will be00:43:31
80 if you want accordingly00:43:38
forgiveness a little spill therefore00:43:40
Nikita monument passed continues00:43:42
narration and it's my turn00:43:44
I gracefully leave the frame of my computer00:43:52
expressed and did not die for the night we continue00:43:54
if you want your server to be00:43:56
accessible without any port then questions00:43:59
should be banned in the eightieth so00:44:02
here we write the five thousandth ford00:44:05
run this thing and it goes00:44:08
make requests makes makes makes and00:44:11
this didn't stop in the end00:44:14
we brought everything out, we counted everything, so00:44:18
Let's check the statistics for now00:44:21
check because we are not on00:44:22
request authentication is now00:44:25
to send a defecation request to us00:44:27
you will need a post request and there we are00:44:30
In the end we don’t return any text00:44:32
we return only status code therefore00:44:33
let me show him here and take him out00:44:36
Why does it tell me that this is a status00:44:37
the variable code is called case here with00:44:41
what we did now, yes it would be00:44:43
Code 200 let's try now00:44:46
log in and so this is a post request this00:44:50
just a request, we send it to slash aus and00:44:55
we still need to transfer Jason to there00:45:01
the request library already has its own00:45:03
like a tool for00:45:07
translate this Jason into the correct one00:45:09
request yes it is distilled there special00:45:12
way the line he packs it in00:45:15
I’m adding this very request for you there00:45:18
hidden content type Jason there and so00:45:20
then we just need to pass up to00:45:23
fame as if but don’t do everything like that00:45:27
these are operations with strings00:45:29
operations with objects yes using00:45:31
jason dumps when it's all line00:45:33
it will come in handy, we're just passing on some00:45:35
login and password were given and we went logging00:45:39
colon let's say let it be admin00:45:42
let's admins crack the password00:45:46
well let's be 12345 12345 suddenly00:45:53
ride and so requests always fly00:46:00
200 what if we mixed up the password00:46:02
If you wrote 123456 you would get 40000:46:07
the first error up to 1000 times in a given . But00:46:12
All that's left is to learn how to sort00:46:15
different passwords yes using ours00:46:18
the same cycle until, accordingly, they00:46:20
come up and give me your permission00:46:25
I'll create a new file because in 0400:46:28
request a lot has already been written here00:46:30
interesting00:46:31
we won’t write anymore and so you’ll add00:46:35
new file and let's name it like this00:46:40
and we will do yes but let there be a hacker00:46:42
pie and accordingly here here here00:46:49
we need to do something like this00:46:52
the only thing is that it will no longer be00:46:55
loop do for i in range 1000 this will be00:46:59
the cycle was a corpse and you won’t get out of it00:47:01
then when the loop condition ends a00:47:04
then when this status code is ours00:47:08
called let's make it all00:47:11
looked like we read I will do everything according to00:47:14
parts so step 100:47:15
we are preparing to00:47:21
everything goes well and so on00:47:26
equals next request were close to00:47:33
post is sent this is this this is this00:47:35
then we get some response from00:47:39
this request and then check if it is true00:47:41
Is there a status code for this response for 20000:47:46
if this is so then we have achieved success00:47:51
that means you did what we did, we solved the problem00:47:58
print the found password password is equal to00:48:06
and access the video which you00:48:09
guessed yes we assume that the password00:48:12
we will constantly change that is, we have00:48:15
here there is some password variable00:48:17
which are equal to something and natural00:48:21
assign 9 well, some interesting00:48:24
us this is the meaning so let's do it00:48:30
as follows i password initially00:48:32
I created it here and I’ll pass it on here and00:48:36
if he comes up, we can quickly get ours00:48:39
withdraw00:48:40
By the way, in Python 3 8 which came out here00:48:44
just recently this last scene00:48:46
there was a release there you can print with this00:48:50
syntax and it will be the same00:48:53
password is00:48:55
and then you just interrupt our cycle here00:49:00
actually nothing from what we were yesterday00:49:02
didn't pass I didn't use you00:49:06
that's all, but if the status code is not equal00:49:09
200 before and the cycle has not finished means we00:49:11
you need to take the following password00:49:13
let's just sell this now00:49:16
this code it works i just00:49:19
password and assigned the correct password and00:49:21
it seems like the second time he should00:49:23
work well and let's say yes here it is00:49:27
in case it didn’t work out yet to print about00:49:29
the fact that such and such a password did not work, yes you00:49:34
didn’t fit, went on and on, but here we’ll write00:49:41
that the password turned out to be such and such00:49:46
describe so as not to forget and so and so00:49:50
I run this code 401 401 401 yes this is00:49:58
was last files sorry it was 0400:50:01
request we need to run hacker pie00:50:04
hacker pie 1 didn't work 2 worked here00:50:09
so it seems like everything is possible now00:50:14
we need to start brute force passwords for this00:50:18
I need to write something00:50:20
some function that we will need00:50:22
to return the next password by the way is all that is now00:50:24
I say for passwords and also suitable for00:50:27
login00:50:29
it’s like, well, it will be possible to have a mirror one00:50:33
do not rewrite it and give it to him for input00:50:34
only login and also password and00:50:38
and not only the password and login and sort through00:50:42
Let's say that along with passwords there is also a login00:50:43
thereby completing and so he immediately00:50:46
there are a lot of users but in general there00:50:48
We will have the brute force algorithm00:50:50
about the same so the first thing we00:50:54
let's do it00:50:56
let's write a function write a function 300:50:59
which will return the following00:51:01
password00:51:02
let's assume that we have00:51:04
We store the video with the current password yes00:51:10
it is stored in some variable00:51:13
it will be equal initially00:51:17
empty password then we will write00:51:21
function next passport text password00:51:24
which one will be worth it00:51:27
the recipient stands at the entrance and then she00:51:31
will do some actions here00:51:33
something strange is going to happen here00:51:35
and then we'll be at turn to do up00:51:39
new password 200 updated00:51:43
an updated password is also worth it00:51:47
in order for it to be worth changing, we need it00:51:50
declare as global variable00:51:54
global because otherwise we want now00:51:59
change the value in the internal block00:52:02
variables that are declared as caught00:52:04
and for this we need the function but also00:52:07
global directives to roughly00:52:10
saying get access to it given00:52:15
export from 100 it costs approximately00:52:20
also not an argument, but we just have it00:52:22
announced as global is rude to us00:52:24
speaking, there is no need to know what we were worth00:52:27
just here in our cycle the corpse of the role00:52:29
assign a new password to this password00:52:33
we don’t need our own, we’re just doing this00:52:37
move to the beginning00:52:38
Let's remove it from here and accordingly on this00:52:43
I'll just have to find something00:52:46
which will constantly update our00:52:50
roughly assign a new site to him00:52:52
the password is 12345, now we’ll write it down00:52:57
so that it works and it works sphere00:53:02
development so now what is needed00:53:06
it's still worth doing00:53:07
update need to write some00:53:09
What are password generation algorithms?00:53:13
password generation is00:53:15
sequence of actions that we00:53:17
at every step it will issue every00:53:19
new password and we need to transfer you00:53:22
in general all passwords are because we write00:53:24
brute force yes that's all00:53:27
What kind of passwords are there in the world?00:53:32
need to start with both art and00:53:34
line then iterate through all00:53:36
1 character password and then sound00:53:40
character passwords and so on so on00:53:42
so on and we have with you now00:53:46
there is some kind of alphabet there in 123400:53:51
some numbers then there are letters00:53:54
stupid little ones can be big ones00:53:57
be punctuation marks are some hidden signs00:54:02
hash marks system symbols in general everything00:54:04
anything and more00:54:07
our alphabet for the expected date is greater00:54:10
we'll have to go through it because if00:54:12
let's say, but here we have an alphabet00:54:16
how many 33 letters are there in the Russian alphabet?00:54:19
if we were to iterate over all 200:54:23
We would need symbolic passwords00:54:25
thirty three times 33 it's there00:54:28
a lot it's more there are thousands at least00:54:30
to the best of our ability, what if we took00:54:33
Russian letters here, Russian letters00:54:35
which are not small but then also big00:54:37
numbers then English letters which00:54:38
small big we could do it00:54:41
alphabet consisting of how many00:54:45
well there are more than hundreds of characters for sure00:54:48
yes honestly more and more than 200 characters and00:54:52
imagine 200 to 200 is already 4000:54:54
thousand of this 40 distribution sort out 200:54:56
today breed a to 3 characters00:54:59
go through it even more time on in00:55:01
in general you need to do a lot, a lot 1000:55:04
as we will now explain the concept00:55:06
I suggest we limit it very much00:55:09
alphabet take only numbers and say00:55:12
close small letters and agree00:55:15
that other passwords you just don't forget00:55:17
it will be a little easier, first of all it's00:55:21
will cover not sure 90 percent00:55:24
all kinds of passwords that exist now00:55:26
in the Internet00:55:27
this is exactly why it recommends00:55:30
permanent site choose this password00:55:32
which includes itself where the letter is on00:55:35
a strange letter of some kind of symbol00:55:37
a space is required in the same place as the number in general00:55:39
some kind of game00:55:40
but to cover 90 percent00:55:43
you just need to take a password00:55:45
small bean and small numbers and that means00:55:49
we will now compose such an alphabet00:55:52
and try to go through all possible00:55:55
passwords let's do it now00:55:58
let's fix00:55:59
and let's take a short break because00:56:01
what I see is that it's already too much00:56:04
information received that is necessary00:56:07
remember and so let's write down of bad00:56:14
what is spelled differently capture will sign00:56:17
alphabat and list all the characters here00:56:20
which we want to use with you is00:56:22
0 1 2 3 4 5 6 7 8 9 of course00:56:25
and symbols of close efreet, by the way00:56:28
of paid they even have a built-in00:56:30
a tool to simply00:56:32
import this line with all00:56:34
in letters, well, we don’t mind and hang f g00:56:38
h i j k l w x and z well, it seems, it seems00:56:49
all 26 then there should be how many grandsons00:56:52
forces of 25 missed something and infuriate f g00:56:57
for these groups, you see we have and00:57:03
now we will start from this alphabet00:57:05
create all sorts of different passwords00:57:08
starting with simple ones and ending with00:57:11
and so we have recorded this now00:57:14
moving on to the question by the way Max00:57:16
had to be kicked out because he was a watershed00:57:18
in their own eyes they will most likely fire you and we00:57:20
we continue to conduct our webinar with you and so on00:57:26
for questions about what we have here00:57:33
fixed it very conveniently00:57:36
visual studio needs to be installed00:57:39
to be honest, not using visual studio00:57:40
drive through and chapman i think the most00:57:43
new and free this is definitely enough code00:57:47
ask in chat write yourself remember00:57:48
screenshots let's look at all the code00:57:51
I'll write today, I'll even send you the code00:57:54
which we wrote yesterday, I’ll also send it off00:57:56
this will speed up your writing a lot00:57:59
homework00:58:00
so don't worry about that00:58:03
right now we're kind of writing everything00:58:10
we need all the improvements that are in00:58:12
during today's webinar I will do00:58:16
I'll throw it off at the end because you never know00:58:18
let's change that and so the right corner so that00:58:25
man the recipe is like schoolchildren00:58:27
manner of speaking nothing funny00:58:30
interesting interesting interesting yes everything00:58:33
want to look at the code the code will be in00:58:37
don't worry at the end of the webinar00:58:39
There is no screen sharing yet00:58:41
we'll suddenly find the meaning of life here, what is this00:58:43
the problem has already been solved at least00:58:45
on my broadcast you can see exactly where everything is00:58:49
come in, you need to open the head of cabbage00:58:51
just create a new project where you can00:58:54
between them they did if you don't open00:58:56
how much so I think you'll figure it out00:59:01
teenager from a new situation00:59:03
suggests writing code to discuss the file and00:59:05
simply and simply writes so let's go00:59:16
give birth further seems to answer all the questions00:59:20
replied which ones noticed first00:59:26
what you need to do is write it with00:59:29
you can disassemble the algorithm as we will00:59:30
do00:59:31
the algorithm is not simple, it is00:59:37
that we must, roughly speaking, sort through everything00:59:40
all all all passwords and00:59:43
how would we do this with you, there are two ways00:59:46
100:59:47
very easy to understand but very complex00:59:51
in implementation and the second00:59:53
a little more difficult to understand but00:59:55
very simple implementation we are with you00:59:58
let's choose the second one but also from him01:00:00
Let's talk about what needs to be done01:00:03
simple case01:00:04
just imagine what you have at home01:00:08
there, don’t imagine it sooner01:00:11
in total there is a hot water meter and01:00:14
on this counter there are numbers 009801:00:18
then some more I can’t spin01:00:20
constantly every time something01:00:22
spend01:00:23
it increases in units01:00:25
the first reel increases first01:00:28
when the numbers run out he01:00:30
updated and then incremented01:00:33
second drum and so on and so on and so on01:00:35
then they increase and all the numbers01:00:38
they're sorting it out if we're on an imaginary01:00:41
borman let's put all the numbers together01:00:45
symbols of our alphabet and let's start it01:00:48
twist and when it ends we01:00:52
let's increase it roughly speaking and add more01:00:55
one digit then start spinning again01:00:58
the first reel increasing by 2 units01:01:00
then again again again then01:01:02
the third digit will appear and so on and so forth01:01:04
further and because of what is needed there01:01:07
constantly look at what numbers you need01:01:09
update this implementation goes out01:01:11
somewhat non-trivial01:01:12
but in general there is a second principle to understand01:01:17
approach he was mathematically therefore01:01:21
it's a little more difficult to understand, remember you01:01:24
explained at school so that in computer science01:01:26
that there are different number systems01:01:29
here you yourself use children's personal01:01:31
numbers from 0 to 9 where ten is already01:01:35
next rank01:01:36
there are numbers 2 and ranks when there are01:01:39
only 0 unit and this is roughly speaking01:01:42
processor, all impressions are carried out with01:01:44
with help or a unit for a computer in01:01:46
built-in, let's say01:01:48
hexadecimal number system01:01:51
includes more than just numbers01:01:53
more precisely zero one two three four five01:01:55
six seven eight nine01:01:56
included01:01:57
yourself in fiery numbers is a b c d e f01:02:01
and so you and I suppose we think01:02:05
Hexadecimal number system01:02:06
somehow look like you're getting to you from01:02:09
fields up to nine then take not 10 but01:02:13
then we take then we take b then we take c01:02:15
d e f this is where the discharge ends and01:02:19
then we move on to01:02:22
well, to the next level it will be there01:02:26
something is written that looks like01:02:30
we have 17 16 impressions looks but01:02:34
looks like 10 before it looks like 1001:02:38
guilt is actually 17 and so on then01:02:42
there are 10 11 12 and and so on so on01:02:45
there 19 then 11 b01:02:49
Well, so she gets over and gets over and01:02:52
moves overall it looks like01:02:54
the same counter however we are in01:02:59
programming we can easily translate01:03:02
numbers from children from the decimal system01:03:04
calculations as you and I calculate in01:03:07
hexadecimal just has to be there01:03:09
divide by 16 and choose01:03:11
appropriate rank now let's01:03:12
let's assume that we don't have01:03:13
hexadecimal number system01:03:15
and here is the one we need here01:03:19
the alphabet now consists of 36 characters01:03:21
here we have 36 river systems01:03:24
implementation will be and we will be rough01:03:27
saying our counter should be set to normal01:03:30
decimal number system and then01:03:32
we will translate this whole matter into01:03:34
hexadecimal so we01:03:37
we'll sort it all out for you, let's go through it all01:03:40
write so let's have understanding01:03:44
really very good let's write first01:03:47
decimal function01:03:50
into the number system of our alphabet then01:03:54
there is that function will be called that of a01:03:59
bad something like this alphabet and she will01:04:05
accept some decimal number01:04:07
let's find out about him and what's wrong with him01:04:11
we need to do something with it, here we have it01:04:12
n and we need to translate it somewhere like this01:04:18
so so so so what to do what to do01:04:20
what should you do first?01:04:22
the matter is divided into a number system yes01:04:25
that is, the length of the bass alphabet we have01:04:29
will be the length of the alphabet and then look01:04:37
what number will be the number which01:04:40
it turned out to be the remainder accordingly01:04:42
is the first rank of the car itself the last01:04:45
digit of the number which was the number which01:04:50
what remains is that we need to divide it again, but01:04:53
I didn’t move anymore and yes she moved01:04:55
this is squared so to calculate01:04:58
next rank and so on until that's it01:05:01
this thing won't end, let's go with you01:05:02
let's try to write here we have n and01:05:07
we need to divide it into 2 parts01:05:11
the first part is the remainder01:05:14
from bis division, that is, we divide by01:05:18
bass and try to take the remainder from the nickname01:05:20
divisions in the patina this is done using01:05:22
bars here let's kukan pythons01:05:25
How much will we open from below and we’ll be there right away?01:05:26
check what we write, let's say we have01:05:31
89 and we want to check the remainder of01:05:35
dividing by 80 will be natural01:05:36
nine but let's say we have a number there01:05:41
let's say 38 and the number system 36 is01:05:46
there will be a deuce, the remainder will be 201:05:49
accordingly, the number 36 will be there01:05:52
it’s easy to translate there into z number 37 already01:05:56
will be converted to one but will01:06:00
it will be 10 it turns out like this look01:06:05
let's see how it works, that is, the remainder01:06:08
this means we will have an arrest n01:06:11
percentage bass and then calculate01:06:16
exactly how much do we have left?01:06:18
in the whole part, that is, this is our whole part01:06:22
I forbid calling the part the same as the integer01:06:25
well let's keep it simple and that's n01:06:30
divide by bass and we are interested now01:06:33
integer division integer01:06:34
division in the third food is carried out01:06:37
using two sticks, that is, let's say 3801:06:41
divided by 36 it would be one if you01:06:44
wrote one shelf then we would get in01:06:49
floating point number01:06:51
is the exact result of division but01:06:54
we don't need it now by the way in python 201:06:57
regular slash this is division01:07:01
integer they01:07:04
private honest 90 produce parts01:07:07
departments in the second who do not need to01:07:09
the first number was also a floating dream01:07:11
dot or the second is why you all deviated01:07:15
caress Peter, he interests us01:07:17
let's say integer division there01:07:19
such a number when integer division by01:07:21
this will be the number, well that's all01:07:24
subtleties and so we figured it out and01:07:27
then we need to repeat this procedure01:07:29
until it becomes zero, that is, let's01:07:34
open we write while n is not equal to zero01:07:38
not equal to zero we what will we do01:07:41
let's rest calculate the remainder of division01:07:45
and then at the same time we will take01:07:48
let's divide it by the way, it's interesting01:07:51
Is it possible to write something like this in the end?01:07:54
It’s possible, but of course it’s completely confusing01:07:57
let's leave these remnants of the department you01:08:00
we'll just add to our01:08:03
our final number which is in the end01:08:05
it just turns out to be a string01:08:06
that is, we have a reason that01:08:12
initially equals the empty string and then01:08:15
we think about this arrest01:08:18
start of line before since first01:08:21
determine the last digits and then01:08:23
the first ones we always need to determine01:08:25
forever it must be started01:08:27
lines that is, the reason is assigned to this01:08:31
arrest which we will transfer into force from01:08:35
using the alphabet yes that's just it01:08:38
the number in order in our alphabet is01:08:41
will be the rest of this 300 plus what was in01:08:45
result before this01:08:47
in this way in this way in our01:08:50
at the end the number converted to01:08:55
new number system01:08:57
now we will test it with you01:08:59
re-therm turns out to be a resort & spa resort01:09:04
I'll just copy this entire function now01:09:08
into a Python narrow console and we are right here01:09:10
we can test the01:09:14
alphabet up function is called us and01:09:17
we will give different numbers now01:09:19
see what happens01:09:21
suppose I pass zero memes to01:09:26
Of course we need to give him this one too01:09:27
alphabet01:09:28
this alphabet is ready for lunch01:09:34
from 0 will be an empty string but immediately01:09:38
ended from one which will be equal01:09:41
from one will be equal to 1 diment here we are01:09:44
we see the mistake right away because01:09:46
the zero has not disappeared anywhere, that is, well01:09:49
let's say everything seems to be fine01:09:50
will be up to a deuce will be converted to a deuce01:09:52
three will turn into three and so on01:09:56
so on so on ultimately01:10:00
even what we want to achieve in say 3501:10:03
will be z well yes we have a share01:10:07
all numbers are counted, this will be 3601:10:11
it will already be 10 before it's one01:10:15
this is actually a 36 zero this is a zero 3701:10:20
this is 36 plus 1 that is01:10:25
one multiplied by one plus 1 and so on01:10:29
on and on and on01:10:31
let's say there will be one 7101:10:35
z72 is already 20 and so we are in this01:10:40
we turn the counter and go through it01:10:42
in general everything that is in01:10:44
all passwords that can be created01:10:46
using this alphabet all the lines are yes01:10:50
actually they say we want them as a password01:10:52
use this simple one01:10:55
algorithm01:10:56
so we take it turns out we subtract the base01:11:00
which is the basis of even the system01:11:03
We take the number base of the number system in01:11:08
cycle it turns out we calculate the remainder of01:11:10
division is our first digit then01:11:13
add it to our result and01:11:15
move on to the next level01:11:17
the only thing that's bad is that it's that01:11:22
what is the case between zero and zero?01:11:24
the impression is being carried out incorrectly01:11:26
there's really no pan here01:11:29
I want because at the end we01:11:33
should win royalties when01:11:34
this one will still be zero in the end01:11:36
so all I suggest is to do this01:11:40
just write what if resort01:11:42
turned out to be zero the resort turned out01:11:47
like this empty zero date you need01:11:51
this bar is gold, go grab a zero01:11:56
we get to this way zero of course01:12:01
the same line because now everything is a line01:12:04
now it will be often for negative ones01:12:07
numbers will work unpredictably until01:12:10
130 now not interested in stages about it01:12:16
we wrote the only bug with a zero01:12:18
we fixed it and now you can, well, roughly01:12:21
saying to fly means now it is necessary01:12:29
constantly increment by one01:12:32
in the decimal number system and01:12:35
give the next password all the time01:12:37
remember we started with you and we01:12:40
wanted to use it directly as a password01:12:42
but in fact we have01:12:44
this element 1 means it is in01:12:46
decimal number system01:12:47
we will give the password as a string in01:12:51
form of the number system of our alphabet01:12:53
then it turns out let's stand it01:12:57
initialize with some zero and01:12:59
it's best to minus one to because01:13:01
The user can also have an empty password01:13:02
stand01:13:03
he has a minus for this purpose now01:13:04
We will prepare one unit, we take global01:13:07
worth it you should call him01:13:11
it turns out to call him and so all the same01:13:17
we won't do it because then you01:13:18
see low forced to transmit not01:13:22
I'll be right away hard cat let's do it right away01:13:25
it's worth transferring to tov lunch the one that costs01:13:27
we have that is, we take call to01:13:31
love a bad at state and we return it rudely01:13:36
saying this object as01:13:41
results of function a is worth01:13:44
increment by one01:13:46
we say it costs plus equals 1 we write like this01:13:50
By the way, you can simplify it even more01:13:53
if you do it in the first place it’s still worth it01:13:56
minus one as I wanted and then01:13:59
this one is worth it first01:14:01
increment the result after this01:14:03
returning it is a little less intuitive01:14:06
but it shortens the code a little and so on01:14:12
let's return it to how it was01:14:14
I like this option better and will try it01:14:17
it's a matter of sorting out now if we01:14:21
By the way, we also want an empty password01:14:23
figure it out, here's how to solve it01:14:25
we are as a password01:14:27
let's assign in history the next one will be01:14:29
say generate only at the end and and01:14:36
then initially we will carry out all this01:14:37
procedure with an empty password and then01:14:40
let's carry it out and then take the actual 001:14:43
password and then 1 2 and so on so on01:14:45
so on and so on01:14:47
let's pick up some videos, let's try01:14:48
run this thing python us like him01:14:51
how much do I need to call the terminal01:14:54
hacker pie so she went to try all the passwords like this01:14:59
So she went through all the passwords01:15:02
101:15:03
northern 2 civil came to 3 ethereal01:15:06
and this thing lasts with you for quite a long time01:15:09
as you remember from the admin01:15:11
the password was one two three four five01:15:13
I'll stop this matter now, let's go to our01:15:17
Our server remains the same01:15:22
yuterra password 1 2 3 4 501:15:26
food five figures we of course01:15:30
we'll get there today, well, we're just now01:15:31
any changes you need to make along the way and01:15:33
it will still be quite long01:15:35
so I suggest breaking better01:15:37
user with a simpler password01:15:39
to blow too long just don't01:15:42
shared when you put this and01:15:44
of course there at home you can make it difficult01:15:47
password and breaking nothing bad there01:15:49
it will just be necessary to wait longer01:15:51
As for the passwords, by the way, they are long there01:15:54
In general, you'll have to wait a long time, that's all01:15:56
longer and longer and longer each new one01:15:58
the figure is essentially01:15:59
increases the waiting time by 36 in a given01:16:03
case, that is, the longer your01:16:06
the more difficult it is to find the password01:16:08
using brute force it's not all over you01:16:11
mock every market of ever get01:16:14
really good rules01:16:17
security so I'm a server for some reason01:16:20
restarted I don’t know why let’s do it01:16:23
Now let's try to turn to God.01:16:30
having received his password dog and so on as01:16:33
login as login01:16:36
we will take it and transfer it as01:16:42
Well, I wouldn’t know the password in the same01:16:44
designs by the way variable passport01:16:46
after the cycle he will add more01:16:48
the correct password, that is, we can even01:16:50
bring this design here like this01:16:55
as a small improvement01:17:00
but of course it doesn't matter01:17:03
so we launch hacker pie and this thing01:17:08
goes to hack and writes what happens there01:17:11
that they turn out and so far we have all this01:17:17
we do it all we do it you and I can01:17:19
reply to comments or write code01:17:22
this plugin is such and such a password is not01:17:25
it’s important, of course, it’ll just be a little prettier01:17:27
from looking like you're in love with someone's cold01:17:29
better so this thing happens somehow you01:17:34
switch to the computer01:17:36
how to make it not three digits at a time01:17:39
I went through a little bit and didn’t understand the question how01:17:43
make sure there are no three digits at a time01:17:44
went through it at one time, you can check it01:17:47
only one password needs to be created01:17:51
and we cannot send immediately01:17:52
bribe the role and ask the server01:17:54
could you choose the right one among them?01:17:56
yeah, it would be too easy, everything would be so easy01:18:00
that's why we have to hack01:18:03
go through all possible options01:18:06
Throwing chat records naturally with a tiger01:18:10
there will be a joint in alphabet twice for this01:18:13
I wrote it in so I'll check now no I didn't01:18:17
entered 2 you really really raw01:18:20
and two times a soldier now I'll fix it01:18:24
now I'll check alphabet when we go01:18:26
we'll come back to him yes thank you for thank you01:18:29
they were waiting for him to fix the bug with01:18:32
zero using a loop with a postcondition01:18:35
yes yes yes yes here we are almost there01:18:39
became I did not immediately understand the question cycle with01:18:48
postcondition01:18:49
it's like it's like there is such a person01:18:54
called not wilda01:18:56
so far the conditions are all correct do samsung while01:18:59
ta ta ta such a cycle unfortunately01:19:01
food doesn't exist so we01:19:04
forced by some others01:19:05
use tools at least until01:19:08
Tomorrow01:19:09
the board beat I didn’t understand the question what if01:19:13
password starts from 001:19:15
if the password starts from zero by the way this is01:19:18
good point is a good point01:19:21
I didn’t think about that, I’ll need that too01:19:23
correct and so we have the alphabet and01:19:25
password starting with zeros01:19:26
why 36 river systems01:19:28
calculus from where we come is just power01:19:30
our alphabet has 26 letters and 10 more numbers01:19:36
I actually don’t know how much it turned out to be01:19:38
it just seems like 610 is 36 who has a chick01:19:44
time in Republic of Dagestan01:19:46
hello everyone hello everyone and republics01:19:49
Dagestan and so on yes yes bug with01:19:55
the alphabet cannot be used to combine everything using01:19:57
magnets and tartus and method in this01:19:58
you get used to sorting through the library01:20:01
about built-in methods moreover01:20:04
there are still a bunch of different libraries that01:20:08
allow you to do all simple operations with01:20:11
interruptions and so on but we are more01:20:17
we now use simple ones for this purpose01:20:19
so that you understand the very essence of algorithms then01:20:22
there is something in general in the language maybe01:20:24
look like a wrap, well, I think that's all for now01:20:28
with questions you write what new ones01:20:30
will appear we will answer01:20:32
we will answer now let's go to the code01:20:37
effectively Shabbat so by the way we are already01:20:39
we see that this thing has reached four01:20:41
significant passwords ok it's still not01:20:45
hacked, which means either we have a tank somewhere01:20:48
or we could look somewhere and01:20:51
check so she gives me the whole story here01:20:55
I can’t see what we had here if only01:20:59
status code would be 200 then we got01:21:03
some result01:21:04
let's check what we have here01:21:07
is happening01:21:08
wow wow we have all the requests01:21:11
fell off01:21:12
there was one with curl errors and we login01:21:17
we don't give a damn01:21:20
I'm Aladdin and I accidentally wrote in the wrong line01:21:22
variable and how evil is such a variable01:21:25
there were more of them I also added the admin here01:21:27
instead of a real camp it is of course01:21:29
jamb from of course jamb let's do it01:21:31
I did, let’s restart and let’s go now01:21:33
something01:21:34
and let's go fix our function now01:21:38
generation and so absolutely correct01:21:41
you need the password and to start from zero and01:21:45
this was also acceptable acceptable01:21:48
meaning this time and but we need01:21:51
fix alfrey alfrey let's visit because01:21:53
that it is faster and without an idea f g h i j k l01:21:59
m n o p q r s t u v w01:22:03
south w here should be export here01:22:07
now laforet is correct now how do we01:22:10
be with zeros so so so so if we01:22:21
we will if we will always begin01:22:24
zeros would also be wrong01:22:25
so we can't just start01:22:27
we need to attribute it to us as if01:22:35
you have to go through one thing twice and01:22:39
I also don’t want to wow, what a long time01:22:42
broke down look we got there01:22:44
now everything is correct now without bugs01:22:47
The problem with the zero remains to be fixed01:22:50
as suggested with this problem01:22:53
let's deal with you now01:22:56
let's add an asterisk symbol at the beginning and if01:23:03
If only we came across this symbol01:23:09
we'll just delete it01:23:11
I don’t like forceful solutions01:23:13
let's think about what we can do01:23:16
By the way, if you have any ideas01:23:17
write in the comments and we will check it later01:23:20
maybe you came up with everything faster than me01:23:23
already written and I was just being dishonest at first01:23:26
your idea and so we move around01:23:30
alphabet01:23:31
it's really like that if it all started01:23:35
from zero to you we can’t do this01:23:39
because this is any symbol of ours01:23:41
alphabet and then you have to start a new one01:23:48
the variable is nothing but an asterisk01:23:55
nothing comes to mind, that is, us01:24:00
interested in situations when we are right01:24:05
saying we divide all numbers by two01:24:07
categories up to when we rewrite 0x01:24:09
started I never attribute it is possible01:24:15
let's do a little more like01:24:20
say a little more mathematics our state01:24:24
which we take you and I in the very01:24:26
first divide by two and if this01:24:29
will be if it was initially odd01:24:34
number means monolith do not add01:24:36
we will and if it is even and then we will01:24:39
By the way, we have three knives and a problem with zero01:24:42
Let's also see if we can fix it, well, basically01:24:47
okay, let's try it01:24:48
it turns out we then have all passwords01:24:51
I will go through two options when01:24:52
0x was there in the beginning and when it wasn’t there yes01:24:57
turns out I didn't miss anything01:24:59
let's try so we have a zero01:25:03
then we check at the very beginning01:25:08
situations when we started to attribute 0x01:25:10
and not registered01:25:11
If01:25:13
I was just thinking now that it wasn't01:25:15
have we repeated ourselves in such a system01:25:19
it seems not because in the current01:25:25
of our current implementation we have zero01:25:27
in the beginning there was never any except01:25:29
that one occasion when we01:25:30
manually added to all others01:25:33
cases such a thing, well, don’t generate such things01:25:35
numbers because well, just like everyone01:25:42
zero numbers and reject such conditions01:25:44
but such numbers simply do not exist01:25:46
mathematics we were never in the beginning01:25:48
By the way, they write and here is the second situation before01:25:51
when what if password and read 201:25:54
zeros and again we come here like this01:26:00
option again is not suitable in general then01:26:03
I think there's only one way left01:26:05
like an asterisk he really is01:26:08
makes the situation well, that is, you understand yes01:26:09
what would be the problem if we01:26:12
would have attributed the zero by chance to the beginning01:26:15
then we would do everything the same01:26:18
passwords but only after adding each one01:26:21
once a zero at first without a zero and a table01:26:24
what if the password consists of 2 zeros like this01:26:27
cant it is only an option with01:26:30
the only thing on lease with an asterisk01:26:33
with an asterisk we will clean the asterisk from01:26:37
different places and thus we will have01:26:39
it turns out to be a double, let's say 1 star 201:26:42
and 12 star it will be the same01:26:46
such a difficult task, nevermind01:26:52
no big deal no big deal01:26:54
we can think about it later01:26:56
do it even better, let's say there01:26:59
that counter method seemed to work01:27:02
for now let's just read the stars in01:27:05
in general we do absolutely everything the same01:27:07
the only thing at the end instead of here01:27:10
We take this hard code of ours and clean it01:27:15
the whole resort has asterisks, that is, as it were01:27:21
we can do it we01:27:23
we take Yuri Zol on the wedge of prize places01:27:26
no stars resort clinics01:27:30
and here we assign it to him, now I’ll write01:27:40
This is the construction in Python:01:27:45
here's this little thing as quality01:27:47
separator and merges all characters01:27:50
which they gave her to [ __ ] are based on writing01:27:52
Japanese to the castle what's going on01:27:55
so this is bam join and we can here01:27:58
pass some array, say 1 b and c01:28:05
and she can glue them together through empty force01:28:10
it would be nice to write a space to tell you01:28:12
at the space sign of fairy tales and then we she01:28:13
I would use this thing as01:28:15
glue separator string01:28:17
it’s so convenient and an improvement it’s simple01:28:21
there is a standard in the language and we are now with01:28:24
You Joe and Nim Mushroom that we already see everything01:28:28
strength with among all the characters of the alphabet if01:28:37
this symbol is not equal to the asterisk wedge01:28:43
result cut so now what happened01:28:51
here is some design it01:28:54
officially called there is capri want01:28:56
it shortens the announcement of additional01:29:01
array in which we would add these c01:29:04
it allows you to do everything in one line01:29:06
that is, without them it would be like portions01:29:09
cut c : enter and wrote the goals01:29:14
the numbers are the same only only cifam01:29:18
Well, this is the actual design01:29:20
does what it says it does, it takes c for01:29:25
all c in flint cut if this price is not equal01:29:29
You can write asterisks in Python like this01:29:32
Let's check it just in case01:29:34
Let's assume that we have a resort01:29:36
equal to some number and stuck there01:29:40
the asterisks among all these numbers of ours are ok01:29:45
and we need from these stars01:29:47
get rid of it now01:29:51
oh no dick forte just like this01:29:54
design wedge resort01:29:55
but we got rid of the working income now01:29:59
you can restart the same thing now01:30:02
we will see in the terminal how they will be01:30:04
moving around more options with a house01:30:08
now it's really not binary01:30:12
number systems zeros came rollers01:30:14
let's go and notice that no one missed it01:30:18
respectively01:30:19
now we are their children probably exist01:30:25
are there any more elegant ways to solve this?01:30:27
you can’t just come up with problems01:30:29
I can, by the way, in that version with01:30:32
a drum that goes on for half an hour01:30:35
it would be a medical problem but it would be possible01:30:40
her like this in an inelegant way01:30:44
decided if you have any by the way01:30:46
idea in the comments already and definitely tomorrow01:30:49
you when we do the refactoring01:30:51
we implement it because we want the above to be beautiful01:30:54
cat get real let's aliquet01:30:58
I was already fired and exhaled and found a vacancy01:31:00
if anything, well, I could not be looking for a job01:31:02
unfortunately or so in general for the fact that he01:31:06
water on the computer for how long01:31:08
the example inside will be from what if what is this01:31:10
it's a joke it's actually going to be broadcast01:31:14
last 2 more points this is a bypass and this01:31:20
improving our01:31:22
principle of password selection, I think this is01:31:25
words a total of 20 years needed01:31:28
increase weight to 37 we are about the same with01:31:34
they only did you01:31:38
you need to increase the bass to 37 so it will be01:31:43
longer than 361 fix everything correctly01:31:46
return horizon 0 as a variable in the act01:31:50
the advantages of victories were shaken off first to be attached01:31:54
after translating the main part, well, that's you01:31:56
probably didn't work very well, that is01:31:59
mirrors you were just different then01:32:04
I think the variables would be lost01:32:06
write the same only with the condition that01:32:09
share at the beginning any other village enter01:32:11
so we take it to go, well, essentially just a few01:32:13
but we did just that with the asterisk01:32:16
this any other character would be repeated01:32:19
among the other numbers and you would just01:32:21
you went through more we are the same01:32:22
done with the problem but just an asterisk01:32:26
You could also just remove the asterisk01:32:32
so that this extra symbol is not there01:32:37
By the way, here's an idea with01:32:41
where does it need to be increased to 37?01:32:44
this is an interesting idea, let's think about it01:32:46
what will happen suppose boris01:32:49
I would really be 30 seven already01:32:52
back to the code I switch questions there01:32:54
there were no more if we were here01:32:57
I'm afraid I'll increase it by one01:32:59
then we will really work like this01:33:01
as if we have 30 hysterical system01:33:04
dead reckoning but it turns out 36 river and type01:33:08
and if we have the remainder01:33:11
37 then what to do just Norik well well01:33:19
yes it seems to and it seems it seems to01:33:22
there is something sane about this01:33:26
meaning let's do this thing with thought and tomorrow01:33:29
for refactoring we are with us01:33:32
let's figure out how to make this star01:33:33
It seems to me better that the idea is to do it yourself01:33:36
37 something out of common sense has me just01:33:38
approach fails to think through everything01:33:42
do it right let's write it like that01:33:45
and even this will highlight01:33:48
it looks yellow, yes it looks like it01:33:51
some of the problems are solved, well, essentially we01:33:55
now they've done it so they have to clean it up01:33:58
you just have to think how much it is01:34:00
different solutions from distinguish or 101:34:02
asterisks clearly mental or not so01:34:06
you and I have now performed brute force and he01:34:10
called out to us for something simple01:34:12
user with a simple password now01:34:15
let's fight on the defensive side01:34:19
switch to our server as we saw01:34:22
as we saw, by the way, let's get some statistics01:34:25
let's check how many requests we have01:34:27
93 1991 to hack twice01:34:31
dog to learn about to touch neither01:34:34
one whose password is dog in the first01:34:38
case we did a little less01:34:39
queries are fairer than in the second01:34:41
therefore the number is odd but in the second01:34:44
case you haven't lost part of your password and so on01:34:48
on the server we are making some code and if01:34:52
this code could really be01:34:54
run as many times as we like01:34:58
you would definitely have the opportunity01:35:05
hack those users and essentially01:35:08
when we come to you now and go through these01:35:10
here are all the passwords in the loop we are still aegis-701:35:14
server of some kind, that is01:35:16
suppose that the server could01:35:18
make no request infinitely01:35:23
number of requests up to a second how much01:35:24
done so much accomplished let's say01:35:27
we will limit the number of requests to ten per01:35:30
second and then how much did you spend 2001:35:34
before this is about 1 50 thousand requests01:35:37
then 1 would need five thousand01:35:40
seconds to bypass this protection, this is what it is01:35:44
simple just a simple method of protection yes01:35:47
just don't process more than 1001:35:52
requests per second01:35:54
and for this specific client for01:35:58
let's say one specific IP address01:35:59
who came and that would be all very strong01:36:02
slowed down and how can I do it?01:36:09
[music]01:36:11
we'll go to a special one now01:36:14
interface that is actually you01:36:17
there's just a notepad in this notebook01:36:20
configuration server configuration01:36:25
which I also specially prepared and01:36:27
this configuration feeds everyone the service under01:36:30
called dicks in winx this is what it is01:36:33
a tool that is just the same01:36:35
are the entry point between the Internet and01:36:41
some farmers who lapped01:36:42
In principle, you can launch it without01:36:44
ambitions to make it public but also minx01:36:47
it has a bunch of different features that01:36:51
can be made with a request before01:36:54
give it to your server directly01:36:55
for example it can check the availability01:36:59
he can do some obligatory haidars01:37:02
deal with different requests01:37:06
or as in our case he can01:37:07
reject the flaw most often the truth x01:37:11
use for one simple purpose for01:37:14
in order to drill statics, that is01:37:17
pictures of assets or this other stuff01:37:20
everything that is not a service01:37:21
the server up is just static01:37:23
files that are stored on the computer01:37:25
Yandex knows how to give them away and more01:37:28
Moreover, rest can also cache, that is01:37:30
so that you don’t have to ask several times01:37:32
disk read well it's me okay you01:37:34
lyrical digression01:37:36
what I wrote here is what the config looks like01:37:39
our server and this is how we are now01:37:42
sent requests to drink a lot up to 5000 you01:37:44
I now declared the port 4000 and the port is here01:37:48
this server the new server will have01:37:51
request and rest will also accept then01:37:55
that 2700101:37:56
it’s true that all these are our requests01:37:59
there will be three direct ours01:38:03
regular service IP address 5000 and in01:38:08
in case this is a normal request for01:38:10
no big deal, but here’s the login01:38:12
special time I'm hot01:38:13
I indicate how to do this01:38:17
I point out it turns out likes creating factories01:38:23
first of all, I'm going, I could easily look like this01:38:26
here here and then I here are all the requests01:38:28
who go to this location is limited01:38:31
By the way, I forgot what it means01:38:34
parameter how this word is translated birds01:38:42
201:38:44
no one immediately says what kind of site this is01:38:48
explode I realized this amount01:38:52
requests before and after which servers in general01:38:55
blocked and more request average01:38:59
the right to become clear, that is, we are now01:39:03
after 100 illegal requests just01:39:05
must connect and how to create a zone01:39:09
before is created using some key and in01:39:12
in this case it is binary mode01:39:14
andr is essentially the address of the remote01:39:17
computer01:39:18
usually it’s just the IP address of which01:39:21
came to win and some special01:39:23
video lines and each such01:39:25
unique and chips we block access01:39:28
impressions block allow in01:39:32
within a second send and only01:39:36
20 requests no more, I'm good here up to 2001:39:39
in principle it can be 10 and nothing for me01:39:42
will change 20 reposts per second and store01:39:46
then statistics of requests for the last01:39:48
10 minutes but these are not just statistics01:39:52
I'm sorry, we don't store it for 10 minutes 1001:39:55
megabyte that is, if it comes that much01:39:57
good for the people that01:39:59
10 megabytes will run out conclusion I will lose my husband01:40:02
I'm this opportunity01:40:04
enter statistics but usually top 1001:40:06
Megabytes are enough for your eyes01:40:07
there's only one stove maker there, how long is there01:40:09
four digits01:40:12
several kilobytes01:40:13
press the sword of kilobytes that is 1001:40:16
a megabyte will hold 10,000 different01:40:19
this will definitely be enough connections01:40:21
and these endings are now simply unfolded01:40:26
on my computer i can take this one01:40:28
conflict to update Yandex and all these01:40:31
the settings will be applied now by you01:40:33
Let's try to go to the 5000th site01:40:37
4000 and it will display the same numbers01:40:41
same 93 99101:40:43
and for trying, well, only this now01:40:46
was done through a proxy in the form of Yandex and01:40:49
usually when I make a website there usually01:40:53
only this port is hidden from the outside01:40:55
Yandex official is not on target and to it01:40:59
you can't contact us here we are now01:41:00
let's assume we can't go to01:41:02
our server directly01:41:03
and try to send the same barrage01:41:05
requests to the server to another up to 4000 and01:41:13
port and let's see what happens01:41:18
we launch here to attack you and so01:41:24
take you there and don't block it01:41:27
just waiting for her first connection01:41:29
there they throw it back and she and she01:41:33
waiting until he can sleep01:41:34
next01:41:35
that is, essentially now, essentially now01:41:40
the same attack is done only01:41:42
much more slowly01:41:44
let's use it to compare01:41:47
I'll stop now so I'll send the whole one01:41:51
same flurry of requests for 500001:41:52
and with the help of a tool, no, I’ll count it01:41:58
how long will it all take I just01:41:59
taiga that in front of our launch team01:42:01
the scriptwriter will now count how much01:42:03
it will take time to break our01:42:05
our cat01:42:08
and then we will count how much we can01:42:13
how much time will you need to spend01:42:14
to do this with the same01:42:16
the limitation will be directly visual01:42:19
the result to which we would01:42:22
we want to achieve it, well, it’s already a top five01:42:26
six would still count and01:42:31
this is just the method of protection method01:42:34
protection and actually it’s not particularly like01:42:38
you will bypass that is, since we were forbidden from01:42:43
send more than 20 from one computer01:42:46
requests per second01:42:47
There is no way to bypass such protection01:42:50
that is, these are the captchas for which01:42:52
holds onto the user if he can't01:42:55
register more than three times and they01:43:00
they protect the attack a little from01:43:04
constant search because of requests01:43:08
generally blocked through but only01:43:11
for one user01:43:12
that is, we can roughly speaking we have01:43:14
3 attempts to hack every user and01:43:16
we can do this for absolutely everyone01:43:19
different users but this method01:43:22
protection when you're just a person01:43:24
too many requests from Butera in his01:43:26
he's so more to the beach01:43:29
the only thing is that 20 requests are us01:43:32
Now of course they didn’t put it generously01:43:36
this is a pretty meager result01:43:38
let's look at my computer now01:43:40
here we have 33 seconds01:43:43
custom time and minute 04 total01:43:47
that is, we are with you now01:43:49
actually waited one minute and01:43:52
4 seconds to crack the password called01:43:58
dog if we turn on protection and01:44:01
sleep before requesting a secure server where01:44:04
these 20 requests per second are watched01:44:06
how long will it take to go there?01:44:08
slowly slowly I just see the dynamics01:44:11
requests may be broadcast on01:44:13
youtube these days are very clearly visible but01:44:15
straight feels how slow01:44:17
switches numbers now01:44:18
you manage to see so that's why01:44:23
the protection method was restored when01:44:26
you limit it to twenty, it’s just01:44:28
it seems to cut out the beads, but these are attempts01:44:32
and this, by the way, is also the reason why you can’t01:44:36
depend on some server from one01:44:39
computer to simply01:44:41
you won't be able to clog the channel so much that01:44:47
how simple your requests will be01:44:54
you throw back the maximum that you can01:44:56
do it01:44:58
stress him out so much with your requests01:45:00
what does he say about the requests of the other participants?01:45:03
will become01:45:04
This is a little more difficult to answer, but01:45:07
in fact, for it to be at least somehow01:45:08
palpable and so with a bunch of different01:45:10
computers up to01:45:11
sent requests through some kind of botnet and01:45:15
essentially if we have a restriction without01:45:19
date captcha that we have now installed01:45:21
the only way to get around it is simple01:45:24
make all the same requests and troubles01:45:26
actually how are you now with you and01:45:27
we act, that is, rest on it01:45:30
the restriction should not be passed further by the way01:45:34
this is how we did it now01:45:37
restrictions are quite generous01:45:39
completely lured, but we could do these too01:45:41
de doterov just money too too01:45:44
very much but then we would like this01:45:47
limits of 20 requests per second01:45:49
it wouldn't be enough for whatever reason01:45:51
when you open this site you have01:45:53
everything to load the whole page01:45:56
you need to download all the pictures that are there01:45:58
there is a website and then there are different java01:46:02
script new libraries that all01:46:03
the logic of what is happening on the site01:46:05
implement them too in different files01:46:07
stored by different requests01:46:08
implement and frankly speaking you can01:46:10
open developer mode in browser01:46:11
go to the website vk.com page where your01:46:16
the tape will be displayed soon I'm flying down and01:46:18
see how many requests went to01:46:20
server you can meet there at a time there are 30001:46:23
requests at least01:46:25
the fact that every new picture you01:46:29
requested each new script flew and01:46:32
so on so on so on then we01:46:38
they displayed all users like this01:46:40
unfortunately my neighbor can't do it01:46:43
VKontakte type VKontakte or Facebook01:46:45
they are forced to do this whole thing01:46:51
stop because then they can01:46:56
knocked to ban the whole01:46:58
roughly speaking the whole house because everything01:47:03
they are essentially sitting there with 1 and the stove maker01:47:05
thanks to the domain system and beat and that's it01:47:09
we just lost access to the site01:47:11
and what happens when you walk down the street and at home01:47:14
and try to Google something for us01:47:16
offers captcha to solve this one here01:47:19
the captcha works here because01:47:21
you have proven that you are not a robot and01:47:23
and you are allowed to make further requests01:47:25
this happens because the operators01:47:28
mobile operators cell towers here01:47:31
these they have one and pi address essentially01:47:34
practically and when you go to them01:47:36
connect and everyone else too01:47:38
connect from them goes straight01:47:40
huge number of requests per second01:47:43
and google thinks that it all comes with01:47:47
one computer actually01:47:49
in fact it's just 100 I'm the tower that01:47:51
serves a lot of people and bandits01:47:54
offers captcha if blocked01:47:55
Can you imagine how many people are left01:47:57
without Google you can only defend yourself01:48:00
captchas from such brother forces01:48:07
are already protected somehow to limit to01:48:10
so that simple passwords can at least be cracked01:48:14
it didn’t work out quickly and so did adidas01:48:18
defend yourself, but I bought all these 201:48:21
honey and let's not provide pretty01:48:23
good protection now I can bypass it01:48:26
much more difficult there it is easier01:48:28
apply different methods01:48:30
the goal of engineering and so on and now we01:48:34
let's go back to the computer01:48:35
and will continue to improve our01:48:40
our hacking algorithm so far01:48:44
the cat continues to be forgotten, here we are now01:48:46
reached three in the third category this01:48:50
it means there's a little bit of everything left there01:48:53
numbers go and afraid but we expect it01:48:56
let's do let's let it go in the background01:48:58
for now we will deal with the giant01:49:02
improvement of brute force01:49:04
and it is what you need01:49:06
not everyone can sort through their roles, only the most01:49:08
popular how to figure out what passwords01:49:11
these are popular get a very simple need01:49:13
just download the database of the most popular ones01:49:16
passwords on the Internet and use it01:49:18
it seems like a simple idea of a single this01:49:22
do all brute force with complete brute force01:49:24
some algorithm to write just opened01:49:26
file went through it and if the password01:49:28
popular then it will definitely be found01:49:30
will be found very quickly and we will find out01:49:35
By the way, attack in width until whenever01:49:37
users go through Volodin and everyone01:49:39
it’s better to do it with some kind of bases01:49:44
let’s find such a base, that is, paper01:49:50
passport foliage question is ready on Github01:49:53
I have this 8 megabyte file lying around01:49:55
all this and he keeps 10 million01:49:58
passwords download now we will download it01:50:03
he decided to load into the video in the browser01:50:06
this is a regular txt file there through01:50:09
it turns out a line break these genes01:50:11
all passwords 1356 passport and in apartment 5 601:50:17
7 to 3 points was an interesting statistic01:50:22
what kind of passwords do they come up with here?01:50:26
in general there are one million most popular01:50:28
passwords that would be useful01:50:30
saved the downloads with you now01:50:32
let's save the downloads, it will download in01:50:38
beggars this file in our project01:50:41
so that it can only be opened01:50:44
let's keep it simple and passport tek password01:50:52
dissakh of course ambassador radish and that means01:50:58
drank away the danger, we have him here in01:51:01
emphasized it was displayed well01:51:03
so we can just use01:51:05
what do we need to do then?01:51:08
Oxford needs to open this file before01:51:11
at first the function is no longer about this01:51:14
you will need to open this file and01:51:16
they just have to return it every time01:51:18
new construction of this file I01:51:22
now I wear at least a rupee, I suggest01:51:25
rename and environment factor to hacker01:51:30
it turns out that it was needed it was01:51:33
brute force brute force01:51:36
and now let's create a copy of this file01:51:40
so that we don’t lose this code here too01:51:42
it will already be01:51:44
here is the force of March to give because you are already01:51:48
we will do it faster using here01:51:50
this file and you no longer need a mix passport01:51:57
should just give the next line in01:52:00
Africa we will open the file now01:52:02
processors are not01:52:03
and so that we don’t have any problems01:52:07
make a backup file name water01:52:11
I sold my passport. texts you will learn01:52:14
I caught it, open it from the password file01:52:21
yes and then when the file is open01:52:24
the need to count its entire contents01:52:27
remember there through it turns out backsplash01:52:30
n yes, that is, through a line break01:52:33
separated, that is, we just need01:52:35
count all the lines of this file then01:52:40
there is a passport that we are interested in01:52:44
will be that you take01:52:46
everyone read this file from it01:52:49
in Riga, which he has here01:52:51
readlines directly01:52:53
and what does readlines do is return a list01:52:57
it returns the list directly to memory01:52:59
computers are great and let's for01:53:03
let's see an example now let's see what01:53:07
there are passwords there we see let's say first01:53:09
10 the first 10 we will display in everything else I01:53:12
For now I’ll comment on the terminal neighbors01:53:18
this search is still ours01:53:20
password for terminal neighbors01:53:24
let's go to the terminal01:53:26
I'll run this file hacker brute force01:53:28
smartphone let's look at the file, it's all opened01:53:32
passwords were counted but this run01:53:34
absolutely which means will give01:53:36
he stayed and the water came from there, of course01:53:40
how to clean it can be done in01:53:43
python to clean every01:53:45
garbage type this spaces or hyphens01:53:47
lines at the edges of the line01:53:49
there is a strip function built in then01:53:52
do we have some kind of password yes01:53:55
we smell and train with a cycle01:53:58
for01:53:59
the same for all passwords from our file01:54:02
and cleared all the passwords again01:54:06
function one design does not sleep strip01:54:11
used a sheet of reasons for this01:54:14
to write it down in one line01:54:18
the for loop itself01:54:19
and the password that he uses to operate with the computer01:54:27
meaning somehow01:54:30
the news is a list of passwords and01:54:31
its first 10 elements now look like01:54:34
this is how they should look and you're happy01:54:37
It is useless to continue writing code further01:54:42
I will choose01:54:43
function index passport now we need01:54:45
what will she do she will have to take01:54:48
just a password with an index who we need01:54:55
handed over a passport from the state of state to her01:55:00
will have to increase but here it is01:55:02
I suggest you don't bother01:55:04
and start minus ones then just 101:55:06
state will be the next house01:55:11
and so on you will go through everything completely01:55:13
password but the rest of the code is up to01:55:16
collagen remains unchanged01:55:20
you will only like it for some reason01:55:22
you don't like the handwriting duplicate code01:55:25
frigate he discovered that I had everything01:55:27
the file contains exactly the same code and01:55:29
suggests that I simplify it to bring it out01:55:32
all some function in principle is01:55:34
sound idea but since we are today01:55:36
often our centuries reach nothing01:55:39
scary so before you start attacking01:55:43
new let's see what's there01:55:46
the old one has reached nine, well, I suggest01:55:50
don’t interrupt it, bring it to the end01:55:53
the end of the letter d yes it will take somewhere else01:55:57
here I think 5 but for now we answer the questions ourselves01:56:01
question and let's talk about development01:56:03
will write write write what you have01:56:05
Nikita teacher question get thank you01:56:11
thank you can they make it so there is one01:56:14
I can ask for a second, but then again01:56:17
we will encounter even one request in 1001:56:20
make it for minutes but then add salt01:56:23
it would be bad for the user to let them know who it is01:56:25
enters manually, that is, we simply01:56:28
we'll do a little poorly because usually01:56:32
to the server, besides there is authorization01:56:34
still loading all the cards but again01:56:36
a restriction can be placed purely on us01:56:38
authorization request yes then one01:56:42
request for a second is good it's basically01:56:45
pretty cool timeslide kind of like that01:56:47
there's really no time to put it in01:56:51
blind is a thing that is done on01:56:55
pirate server01:56:56
and if we do this we won't go01:56:59
then we won’t answer anyone at all01:57:01
more than once per second and 1000 by the way01:57:07
1000 seconds are milliseconds in Python01:57:11
everything is denoted by integers, that is01:57:14
if one second is01:57:15
and then just hang there, exposing everything01:57:19
task for each specific dido hero yes01:57:23
limit access01:57:24
and so that everyone else lives normally01:57:26
so that they don't feel bad there captcha evil01:57:30
I completely agree, here are Google's01:57:33
cards that automatically they are here if01:57:35
came the pictures you didn't offer01:57:36
mark yes where you see the car in01:57:40
in general they would take it01:57:42
Is it possible to ultimately limit this?01:57:45
generally speaking it can come to python01:57:47
request exactly the same as it comes in01:57:50
Yandex has all the same ones there01:57:52
You can see the parameters here01:57:53
what01:57:54
exam he came this request and you have01:57:57
Python store, roughly speaking, a dictionary with01:58:00
all the Komi picks that came to you and01:58:04
how to calculate for each01:58:07
number of requests for the last time there01:58:09
let's say 10 minutes but again you have to pay01:58:12
Peter needs all this cooling and besides01:58:14
there are cool ready-made tools01:58:16
which make it much more convenient01:58:19
for example plaster we did it all01:58:23
adding some small file and01:58:25
run your own view in python01:58:28
would look much longer in01:58:31
In principle, Python can do this, but not01:58:34
is like a tool like this01:58:36
adidas protection directly in the ending01:58:42
In general, a lot of things in the world have been completed01:58:45
up to a very cool tool project from01:58:51
caborsa one of millions of services01:58:52
who use yes this is Maxim01:58:56
yours when the robot thought it was plaster01:59:00
it belongs to the instrument although it was01:59:04
bought for many millions of dollars alone01:59:07
from American companies and now they are for01:59:11
it's the quarrel of lips that's so much money01:59:14
of course they want to do it really do01:59:17
it's not entirely fair Robert tried01:59:21
gobble up yes yes yes yes let's get on the news01:59:23
read about this series and we are with you01:59:25
let's start writing code01:59:28
but it was more elegant with an asterisk in01:59:33
in principle, yes, well, I’ll think about it somehow in my spare time01:59:35
can cities come up with something better, me and01:59:37
you just did it tomorrow and so01:59:41
print hello world plus page you through01:59:44
via Skype I didn’t understand what was being said and01:59:47
I managed to increase the bass for some reason01:59:51
the idea with the combat was to01:59:53
make history when we are artificial02:00:00
increase this array of our alphabet02:00:03
as if with an asterisk only02:00:06
do it through not through an asterisk but02:00:12
right in the code and maybe with this02:00:15
opportunity will appear as if there is no option02:00:20
collect different versions of the same02:00:23
date lines, well, I already said that one02:00:25
asterisk two three is the same as02:00:27
123 with an asterisk is the same as 1202:00:30
star 302:00:31
and it's also the same as an asterisk02:00:33
one star 2 star 3 star02:00:35
that is, so as not to go through 1 this one02:00:38
and the same thing a bunch of times using these02:00:39
maybe there are some more stars02:00:41
cool way maybe if we are not here02:00:46
increased to leave with the help of an asterisk and02:00:48
increase the bass which is equal to the length02:00:50
maybe we will have an alphabet02:00:52
the possibility is somehow this thing is faster02:00:56
in this case we would start with a friend02:00:59
now they've covered it too02:01:00
and now he has no problems, send me the link02:01:07
on the file here the role of zhor was simply googled and02:01:10
the first thing you come across is a git repository02:01:14
rude, most likely this file is there too02:01:16
will be there and can be downloaded02:01:21
in general, I’ll also send it graphically to yours02:01:24
in general, at the end of our webinar and so on02:01:28
it's time to end our lesson where02:01:31
reminded us to sit around quite a lot02:01:33
our dog just broke down02:01:36
it took 16 minutes, imagine 1602:01:40
minutes 45 seconds02:01:41
if it weren't a three letter password02:01:44
how many days I was angry, in general it’s like this02:01:47
such02:01:48
without protection it is a complex password and and02:01:50
allows you to forget because simply02:01:55
it will probably take a year if you did it02:01:58
the password is without ten characters02:02:00
we need to calculate this until here we are02:02:02
let's see how it can work02:02:06
now let's try to send a request and that's it02:02:09
still on first on usually on the server02:02:13
which is not protected in any way by petit02:02:15
which has port 5000 and let's try now02:02:21
apply our lex passport function where02:02:23
you just open this file and and02:02:25
train using popular passwords and02:02:28
let's count the time right now02:02:30
which will go through this procedure like this02:02:37
here it goes through all the passwords02:02:38
goes through and goes through and well, early or02:02:41
it'll be late, of course I'm ready if02:02:44
in general there is in this file because this02:02:47
showed it, we'll check it out, otherwise you never know02:02:50
launched it didn’t work at all and so we write02:02:55
god eat big dog bull dog02:03:01
there's just tok tok tok there's even dogs 202:03:06
running is more popular than just doc02:03:08
Apparently because the service is limited02:03:10
just fish codes and passwords so by02:03:12
rarely found in statistics, come on02:03:15
doc with line break just trying02:03:17
find02:03:18
so how would we do it, let's do it like this02:03:23
and here we will write the doc just this at the beginning02:03:30
Let's insert what happens, oh well with 20002:03:35
will pass it on02:03:36
yes you have one o02:03:40
and that’s how it ended and it went away too cool02:03:42
I'm about to get into trouble02:03:44
suddenly this is apparently not the most popular02:03:45
the password will remain only on which one until02:03:47
17 thousand six hundred ninety-three02:03:49
place but the password of some admin02:03:52
the password of some admin who02:03:54
12345 evil woman using this02:03:59
tool not in a minute but in half02:04:04
seconds that is such a thing adac cool02:04:07
works for those users who02:04:10
bad password becomes and if through02:04:12
a bunch of users go through something like this02:04:17
the method will give much better results02:04:20
Well, I think if they sent everything before02:04:24
some kind of remote secure service is02:04:28
it was going to be longer02:04:31
minister 17000 passwords we have 20 requests02:04:37
per second this means that we can02:04:41
sort taximo 20000 divided by 2002:04:48
it will take eight hundred and fifty seconds02:04:51
or 14 minutes, well of course we are already this02:04:56
let's not wait for numbers, that's how it is02:04:59
let it go for beauty but in principle this02:05:03
something more than a password site02:05:05
allows you to resolve this quickly02:05:09
a situation where we are a little02:05:11
we think and come up with ways02:05:13
which may, in the worst case, not02:05:16
always work, yes a person can02:05:17
be unpopular in short well on average02:05:20
work better and there will be homework02:05:27
keep creative story write 202:05:30
homework is offered to you during02:05:32
be the first to reproduce everything that was on02:05:35
lesson of course using these files02:05:38
which are just these frogs, well, don’t02:05:40
there will be a task to write it will be necessary02:05:42
you just need to install the server on flasks02:05:45
will raise next02:05:46
well, not childish, just run it here02:05:49
this file is a brute force hacker. share and02:05:53
carry out an attack brother force will of course02:05:57
cool if you try and the rest02:05:59
add it but as a last resort if here02:06:02
you won't have enough until tomorrow02:06:05
webinar then you can simply02:06:07
take advantage of the year's ready02:06:11
compulsory part of homework02:06:13
because without it you can’t do it02:06:15
the second part and of course this one02:06:21
the creative part will be02:06:22
so you can figure out how to improve02:06:25
For example, you give an average attack02:06:30
you can take it and try to isolate02:06:33
password based on lag yes that is on02:06:36
exchange service is used as a login02:06:38
some email and this e-mail you can02:06:42
keep the person's name if you try02:06:44
acceptable as this password02:06:46
use email there or it02:06:49
combinations date take trim by02:06:50
dog and tell him to put it at the end02:06:53
a unit or a sign what is it02:06:55
try some such operations02:06:56
something to do, it also increases02:06:59
the likelihood that, well, concrete02:07:02
We will hack the average user of course02:07:05
and some may assume that you have02:07:11
is there any additional information02:07:13
for example his birthday report card gender and02:07:16
try to get this information02:07:18
try to combine the password in general02:07:20
homework to sign up to02:07:23
you showed creativity and came up with a way02:07:27
can be improved to speed up here is password cracking02:07:31
on average, that is, do some well02:07:33
come up with some ideas that are02:07:35
statistically they make it more likely02:07:40
this will be homework and she02:07:43
much more complex due to its02:07:44
fulfillment has already been done, we will give prizes02:07:46
play deadline is 19 0002:07:50
Moscow time tomorrow02:07:53
Yes, what is our date? December 21, 19 0002:07:58
Moscow time02:07:59
if someone sends it, well, at least not02:08:02
I know seconds or there will be later in this not02:08:04
I'll count it because it won't be fair02:08:06
attitude towards steel participants who02:08:08
tried to be on time02:08:11
that's it friends, thank you for being you02:08:15
were with us today I hope a lot of new things02:08:20
learned a lot new understood liked it02:08:24
python there and so on tomorrow you are with you02:08:26
let's make it beautiful02:08:28
let's finish everything that is not finished and do it02:08:30
from this full-fledged application which02:08:32
maybe in the portfolio portfolio02:08:33
insert and summarize the results of the intensive up to02:08:36
Let's do a raffle on this one time02:08:39
thank you anger admits continues I02:08:44
went to send telegram files02:08:46
the broadcast is over02:08:50
[music]02:09:09
[music]02:09:18
[music]02:09:33
[music]02:09:46
[music]02:10:03
[music]02:10:13
[music]02:10:28
[music]02:10:46
[music]02:11:07
[music]02:12:24
[music]02:12:39
[music]02:13:01
[music]02:13:54
[music]02:14:12
[music]02:14:40
[music]02:14:49
[music]02:15:17
[music]02:15:37
[music]02:15:55
[music]02:16:13
[music]02:16:19
[music]02:16:31
[music]02:16:37
[music]02:16:48
[music]02:16:54
[music]02:17:06
[music]02:17:23
[music]02:18:15
[music]02:18:21
[music]02:18:39
[music]02:20:57
[music]02:21:15
[music]02:21:35
[music]02:21:53
[music]02:22:11
[music]02:22:28
[music]02:22:46
[music]02:23:10
[music]02:23:39
[music]02:24:13
[music]02:24:31
[music]02:24:53
[music]02:25:07
[music]02:25:24
[music]02:26:35
[music]Description:
Сделайте первый шаг к новой профессии – запишитесь на бесплатную карьерную консультацию: https://webinar.skillbox.ru/code/bkk Продолжаем наше онлайн-обучение «Стань хакером на Python за 3 дня». На предыдущем занятии вы познакомились с основами языка и разобрались, как работать с библиотеками и сетью. Во второй день интенсива эксперты Skillbox обсудят работу с файлами и запросами, реализацию brute-force-атаки и ее улучшение, а также расскажут, как защититься от такой атаки. Кроме этого, обсудят интересные случаи взлома и в прямом эфире создадут утилиту для автоматического подбора паролей. В конце мастер класса участники получат домашнее задание. Выполните его, и к концу этого мини-курса Python у вас будет уже готовый проект для портфолио. 01:50 - презентация Skillbox 08:20 - о работе браузера 12:07 - формирование и отправка HTTP-запросов 14:15 - получение и обработка ответов 16:41 - Authentication 22:40 - ответы на вопросы 36:00 - написание кода 1:31:14 - ответы на вопросы 1:38:14 - написание кода Подписывайтесь на наш канал, чтобы не пропустить анонсы новых вебинаров и онлайн-конференций. А также заглядывайте в наши соцсети, там много полезной информации: https://vk.com/skillbox_education https://www.facebook.com/unsupportedbrowser https://www.facebook.com/unsupportedbrowser https://ok.ru/skillbox https://t.me/skillboxru
Preparing download options
* — If the video is playing in a new tab, go to it, then right-click on the video and select "Save video as..."
** — Link intended for online playback in specialized players
Questions about downloading video
How can I download "Онлайн-обучение Python за 3 дня" video?
http://unidownloader.com/ website is the best way to download a video or a separate audio track if you want to do without installing programs and extensions.
The UDL Helper extension is a convenient button that is seamlessly integrated into YouTube, Instagram and OK.ru sites for fast content download.
UDL Client program (for Windows) is the most powerful solution that supports more than 900 websites, social networks and video hosting sites, as well as any video quality that is available in the source.
UDL Lite is a really convenient way to access a website from your mobile device. With its help, you can easily download videos directly to your smartphone.
Which format of "Онлайн-обучение Python за 3 дня" video should I choose?
The best quality formats are FullHD (1080p), 2K (1440p), 4K (2160p) and 8K (4320p). The higher the resolution of your screen, the higher the video quality should be. However, there are other factors to consider: download speed, amount of free space, and device performance during playback.
Why does my computer freeze when loading a "Онлайн-обучение Python за 3 дня" video?
The browser/computer should not freeze completely! If this happens, please report it with a link to the video. Sometimes videos cannot be downloaded directly in a suitable format, so we have added the ability to convert the file to the desired format. In some cases, this process may actively use computer resources.
How can I download "Онлайн-обучение Python за 3 дня" video to my phone?
You can download a video to your smartphone using the website or the PWA application UDL Lite. It is also possible to send a download link via QR code using the UDL Helper extension.
How can I download an audio track (music) to MP3 "Онлайн-обучение Python за 3 дня"?
The most convenient way is to use the UDL Client program, which supports converting video to MP3 format. In some cases, MP3 can also be downloaded through the UDL Helper extension.
How can I save a frame from a video "Онлайн-обучение Python за 3 дня"?
This feature is available in the UDL Helper extension. Make sure that "Show the video snapshot button" is checked in the settings. A camera icon should appear in the lower right corner of the player to the left of the "Settings" icon. When you click on it, the current frame from the video will be saved to your computer in JPEG format.
What's the price of all this stuff?
It costs nothing. Our services are absolutely free for all users. There are no PRO subscriptions, no restrictions on the number or maximum length of downloaded videos.