Skip to content

Instantly share code, notes, and snippets.

View Nothing4You's full-sized avatar

Richard Schwab Nothing4You

View GitHub Profile
@Nothing4You
Nothing4You / zendesk.md
Created October 14, 2024 00:46 — forked from hackermondev/zendesk.md
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like support@company.com), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@Nothing4You
Nothing4You / orphaned-vm-disks.ps1
Last active August 7, 2022 18:38
Find orphaned VMDKs in VMware vSphere
# Don't forget to run Connect-VIServer before running this script
# Tested against vSphere 6.7 using PSCore 7
# Function from https://theposhwolf.com/howtos/Format-Bytes/
# https://github.com/ThePoShWolf/Utilities/blob/88860fefb1e35a6f71e9799e1a51ae903d074f8d/Misc/Format-Bytes.ps1
# under MIT license: https://github.com/ThePoShWolf/Utilities/blob/88860fefb1e35a6f71e9799e1a51ae903d074f8d/LICENSE
Function Format-Bytes {
Param
(
[Parameter(
@Nothing4You
Nothing4You / dashboard.user.js
Last active November 29, 2023 23:57
hacky replacement dashboard script to show b/s and i/s values
// ==UserScript==
// @name betterDashboard
// @namespace Nothing4You
// @match https://tracker.archiveteam.org/*/
// @grant none
// @version 1.2.0
// @author Nothing4You
// @description adds more information to archive team tracker dashboards
// @updateURL https://gist.githubusercontent.com/Nothing4You/b127b3cc4d4fabe372dcf078dbe86070/raw/dashboard.user.js
// ==/UserScript==
@Nothing4You
Nothing4You / patch.sh
Created September 30, 2020 09:42
centos embed kickstart in iso
#!/usr/bin/env bash
# dependencies: bsdtar xorriso isomd5sum
iso="CentOS-8.2.2004-x86_64-boot.iso"
#iso="CentOS-8.2.2004-x86_64-dvd1.iso"
ks="./kickstart-centos8.cfg"
wd="isobuild"
No translations found
Dirs searched: [PosixPath('/usr/local/share'), PosixPath('/usr/share')]
03/04/2019 13:38:04 (W) gajim.password python-keyring missing, falling back to plaintext storage
Traceback (most recent call last):
File "/Users/rschwab/Applications/Gajim.app/Contents/MacOS/gajim/application.py", line 227, in _activate
from gajim.gui_interface import Interface
File "/Users/rschwab/Applications/Gajim.app/Contents/MacOS/gajim/gui_interface.py", line 81, in <module>
from gajim.common.zeroconf import connection_zeroconf
File "/Users/rschwab/Applications/Gajim.app/Contents/MacOS/gajim/common/zeroconf/connection_zeroconf.py", line 44, in <module>
from gajim.common.zeroconf import client_zeroconf
@Nothing4You
Nothing4You / ansible.yml
Created June 8, 2018 18:57 — forked from jgornick/ansible.yml
Ansible: Remove All Files Except
---
- name: Capture files in path and register
shell: >
ls -1 /path/to/files
register: files
- name: Remove files except specified
file:
path: "/path/to/files/{{ item }}"
state: absent
@Nothing4You
Nothing4You / ..readme.md
Last active February 12, 2022 19:32
PHP file upload script for Prosody mod_http_upload_external

This script is based on https://hg.prosody.im/prosody-modules/file/f86478a02b25/mod_http_upload_external/share.php

It also supports using the file as index.php to allow stripping the php file from urls:

https://files.xmpp.msg.lol/6186af39-cc50-486e-9bc6-7f40143a62f7/pexels-photo-126407.jpeg
or
https://files.xmpp.msg.lol/index.php/6186af39-cc50-486e-9bc6-7f40143a62f7/pexels-photo-126407.jpeg

It has been changed to include proper caching headers (working with the cronjob below) to allow caching a file until it gets deleted. It also sends files with their mime type to allow displaying supported formats directly in the browser or inline in xmpp clients.

@Nothing4You
Nothing4You / letsencrypt_notes_openbsd.sh
Last active June 19, 2023 13:16 — forked from lachesis/letsencrypt_notes.sh
Set up LetsEncrypt using acme.sh without root on OpenBSD
# Modified for OpenBSD
# Assumes being root
# Requires curl to be installed, wget can also be used, relevant commands need to be adjusted. acme.sh supports both.
# Configured to use Cloudflare DNS for verification
# How to use "acme.sh" to set up Lets Encrypt without root permissions
# See https://github.com/Neilpang/acme.sh for more
# This assumes that your website has a webroot at "/var/www/<domain>"
# I'll use the domain "EXAMPLE.com" as an example
@Nothing4You
Nothing4You / config.h
Created December 20, 2013 23:36
include/config.h
/* include/config.h. Generated from config.h.in by configure. */
/* include/config.h.in. Generated from configure.ac by autoheader. */
/* Description */
#define ALLOW_ENV_CONFIG /**/
/* torsocks configuration directory */
#define CONFDIR "/etc"
/* Description */
@Nothing4You
Nothing4You / stdout
Created December 20, 2013 23:30
make
Making all in src
make[1]: Entering directory '/home/rschwab/build/torsocks-git/ts/src'
Making all in common
make[2]: Entering directory '/home/rschwab/build/torsocks-git/ts/src/common'
CC log.lo
In file included from <command-line>:0:0:
../../include/config.h:149:19: warning: missing terminating " character [enabled by default]
#define LIBC_NAME "libcap.so.2
^
CC config-file.lo