Skip to content

Instantly share code, notes, and snippets.

View Zenexer's full-sized avatar

Zenexer

39 followers · 8 following
View GitHub Profile
@Zenexer
Zenexer / Firefox config.txt
Last active February 25, 2020 00:21
Fix Firefox's smooth scrolling to have the same snappy feel as Chrome, as well as some other tweaks.
# Apply these in about:config.
# Fix Firefox's smooth scrolling to have the same snappy feel as Chrome
general.smoothScroll.mouseWheel.durationMaxMS = 200
general.smoothScroll.mouseWheel.durationMinMS = 100
# Disable Pocket
extensions.pocket.enabled = false
# Enable ESNI and DoH
@Zenexer
Zenexer / 2018-02-12 CoreText crash fix.regex
Last active May 3, 2020 07:04
https://regex101.com/r/DPKWuX/5/tests
{
(?#
# Adapted for PHP by Paul Buonopane
# Based heavily on the following works:
# - https://manishearth.github.io/blog/2018/02/15/picking-apart-the-crashing-ios-string/
# - https://github.com/hackbunny/viramarama
#
# This PHP regex will match any string that contains Indic character
# combinations known to crash many iOS applications as of 11.2.5 and certain
# macOS applications as of 10.13.3.
@Zenexer
Zenexer / Fix for Ubuntu 17.10 on WSL.md
Last active May 15, 2020 01:23

Upgrading to Ubuntu 17.10 on WSL

Note: This workaround is no longer necessary in Windows 10 Insider build 17046 and later. As of 2018-02-07, the patch hasn't yet made it to stable.

  1. Upgrade with do-release-upgrade, as you normally would. It will error out and leave your system in a partially upgraded state.
  2. Close all WSL terminals and ensure that all WSL processes have terminated
  3. Run as a normal user (not root): wget -O - https://gist.githubusercontent.com/Zenexer/10bc12fa5c99848b4b2150184f6beee5/raw/ubuntu-fix.sh | sh -s
  4. Answer any prompts (sudo password, version disambiguation)
  5. If there are errors, resolve them and re-run the script. It is idempotent, meaning that it is safe to run any number of times, even if it only partially completes.
@Zenexer
Zenexer / bash.preinst.sh
Created February 7, 2018 22:24
#!/bin/sh
set -e
backup() {
if exists "$1"; then
cp -dp "$1" "$2" || return $?
fi
return 0
}
@Zenexer
Zenexer / Parsec vuln 140-1 CSRF.md
Last active February 15, 2018 02:58
Parsec CSRF vulnerability in version 140-1 and prior
@Zenexer
Zenexer / Google-Wifi-API.md
Last active April 25, 2024 10:17
API for Google Wifi and OnHub; mostly untested
@Zenexer
Zenexer / shadowbrokers.aREADME.md
Last active April 15, 2017 07:24
Technical observations from the Shadow Brokers leak

What is this?

These are portions of JSON responses from Yandex while browsing the latest Shadow Brokers leak. They include information about the uploads that isn't necessarily visible or easy to access from the web interface.

Observations

  1. The leak was released shortly after a Patch Tuesday and at the start of a holiday weekend.
  2. Uploader's account name: yurishitova
    1. The account doesn't show up anywhere else; it was likely created specifically for this purpose.
  3. My guess is that the name can be broken up into two words:
@Zenexer
Zenexer / escapeshellrce.md
Last active November 2, 2023 06:09
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure

Paul Buonopane paul@namepros.com at NamePros
PGP: https://keybase.io/zenexer

I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.

This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's [CVE-2016-10033][CVE-2016-10033], [CVE-2016-10045][CVE-2016-10045], and [CVE-2016-10074][CVE-2016-10074]. It assumes prior understanding of these vulnerabilities.

This advisory does not yet have associated CVE identifiers.

Summary

@Zenexer
Zenexer / escapetest.c
Created December 28, 2016 11:48
// Compile with -std=c11
#include <stdlib.h>
#include <stdarg.h>
#include <stdio.h>
#include <inttypes.h>
#include <string.h>
#include <limits.h>
#define MAX_STR_LEN 4095
@Zenexer
Zenexer / passgen.py
Last active July 29, 2016 09:40
# Moved: https://github.com/Zenexer/passgen