KosmX / overhyped_rce.md
Last active December 15, 2021 19:11
Overhyped RCE: CVE-2021-44228

The overhyped 0-day vulnerability...

I only show one side of the exploit or the media reaction. Not everyone is wrong about it.

I won't detail the vulnerability here. If you don't know it, first check my repo KosmX/CVE-2021-44228-example,
or use an external reference. Be aware: most of the online details about this are misleading!

On December 9th, 2021, the vulnerability was discovered.
In short, you can execute JNDI lookups by logging a special code.

Most media referred to it as an RCE (Remote Code Execution), a very dangerous one.

And there are GH repos saying the same.

Keybase proof

I hereby claim:

  • I am kosmx on github.
  • I am kosmx (https://keybase.io/kosmx) on keybase.
  • I have a public key whose fingerprint is 65F9 F99A C8CF 1BE7 5B8C A5A3 1241 9835 61E0 66FB

To claim this, I am signing this object:

Forge modloader sucks... I had to create multiple workarounds...

  • Forge networking API modifies the binary packet, adds a varInt before it...

    I had to use low-level networking to avoid this behaviour.

  • Forge network doesn't listen to Plugin channel if the server is not forge.

    I had to implement a custom listener and mix it with the built-in.

  • Forge plugin registration happens in login-phase

    Send hello packet when the channel registers, or if that was before play-phase, then when going to that phase.

  • Can't access player trackers (who can see who) from Forge API

    I copied the accessor from Fabric API into the Forge mod.
KosmX / ZeroTrustProgramming.kt
Last active July 4, 2023 20:40
A computer can never be held accountable therefore a computer must never make a *management* decision [meme]
import org.jetbrains.annotations.ApiStatus.Internal
import kotlin.contracts.ExperimentalContracts
import kotlin.contracts.InvocationKind
import kotlin.contracts.contract
// helper function
fun userCondition(msg: String): Boolean {
    while (true) {
        println("$msg [Y/N]")
KosmX / buffer_position.md
Last active July 29, 2023 22:43
Java 1.8 ByteBuffer signature changes and compatibility errors

NoSuchMethodError: java.nio.ByteBuffer.position(I)Ljava/nio/ByteBuffer;

A rare but critical bug in Java 1.8 compatibility

JVM method representation

Let's decompile some Java classes into bytecode (javap or recaf)

Simple function

    public static String bar(int a) {
        return Integer.toString(a, 16);
KosmX / wacom one (2020) registers.md
Last active April 24, 2024 21:51
Wacom One brightness linux

A quick reference for setting the display for Wacom One on Linux using ddcutil/ddccontrol

0x0b, 0x0c color temp increment and temp request (I have no idea how to use that, but default is good)

0x10 (black level), keep it on 50

0x12 contrast, keep it on 50 (probably)

0x6b brightness (backlight), default: 50, max 100

Gamma can't be configured; my tablet has sRGB gamma (what I would expect from any sane graphics tool)