Sergey Solov

## vault.sh
# Install https://www.vaultproject.io/
brew install vault

# Start dev vault server in a separate terminal
vault server -dev
# ==> Vault server configuration:
# ...
# Unseal Key: 7ACQHhLZY5ivzNzhMruX9kSa+VXCah3y87hl3dPSWFk=
# Root Token: 858a6658-682e-345a-e4c4-a6e14e6f7853

## grep_regex.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                Solov
                / grep_regex.md
            
            
              Created
              May 5, 2021 11:32
                — forked from innyso/grep_regex.md
            
              
                #linux #cmd #grep #regex
              
          
    Difference between grep with and without extended-regex


by default grep interpret search pattern as basic regular expression i.e. the meta-characters ?, +, |, ( and ) are interpreted as literal, hence need to escape with backslash
can pass in extended regular expresson option -E (or --extended-regex) which means it doesn't take the meta-characters literally hence do not need to escape with backslash

Anchoring

# a line begins with hello
grep '^hello' world.txt 


## nginx device redirect
# Source: http://detectmobilebrowsers.com/

set $mobile_rewrite do_not_perform;

if ($http_user_agent ~* "(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino") {
  set $mobile_rewrite perform;
}

if ($http_user_agent ~* "^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|t

## tokens.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                Solov
                / tokens.md
            
            
              Created
              March 3, 2019 14:28
                — forked from zmts/tokens.md
            
              
                Про токены, JSON Web Tokens (JWT), аутентификацию и авторизацию. Token-Based Authentication
              
          
    Про токены, JSON Web Tokens (JWT), аутентификацию и авторизацию. Token-Based Authentication

Основы:

Аутентификация(authentication, от греч. αὐθεντικός [authentikos] – реальный, подлинный; от αὐθέντης [authentes] – автор) - это процесс проверки учётных данных пользователя (логин/пароль). Проверка подлинности пользователя путём сравнения введённого им логина/пароля с данными сохранёнными в базе данных.
Авторизация(authorization — разрешение, уполномочивание) - это проверка прав пользователя на доступ к определенным ресурсам.
Например после аутентификации юзер sasha получает право обращатся и получать от ресурса "super.com/vip" некие данные. Во время обращения юзера sasha к ресурсу vip система авторизации проверит имеет ли право юзер обращатся к этому ресурсу (проще говоря переходить по неким разрешенным ссылкам)

  
## restore_tree.php
<?php
/**
 * @file https://gist.github.com/max-dark/f39028cc106ed32e8ce1b55a11643b43
 */

define('ROOT_NODE', null);

/**
 * восстанавливает дерево по таблице связей
 * @param array $data

## usefull_commands.sh
# Running xdebug in the console, for debugging Laravel artisan commands. Useful as I keep forgetting this one...
php -dxdebug.remote_autostart artisan

#Running phpcs for 5.3:
phpcs -pv --standards= --runtime-set testVersion 5.3 --ignore=*/public/*,*.js,*.css,*/tests/*,*/views/training/* .

## .htaccess
<IfModule mod_rewrite.c>
  RewriteEngine On
  Options +FollowSymLinks
  RewriteBase /

  # www in //~
  RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
  RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

  # index.* in ~/

## zip-folder.php
<?php
$zip = new ZipArchive;
$bkfile = '../export/backup/backup-source-' . date('dd-mm-yy') . '.zip';
$zip->open($bkfile, ZipArchive::CREATE);
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator("../../"));

// iterate over the directory
// add each file found to the archive
foreach ($iterator as $key => $value) {
    if (in_array(substr($key, strrpos($key, '/') + 1), array('.', '..')))

## clean-old-kernel-ubuntu.sh
//пример, сначала узнаем текущ.информацию:
$ uname -a
$ ls /boot/ | grep vmlinuz
$ dpkg --list | grep linux-image
$ dpkg --list | grep linux-headers

//теперь команда удаления (bash):
$ sudo apt-get purge $(dpkg -l 'linux-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d' | head -n -1) --assume-yes
$ sudo apt-get autoremove

## attack.md

      
              1 file
            
          
              0 forks
            
          
                1 comment
              
            
              0 stars
            
          
                Solov
                / attack.md
            
            
              Created
              January 18, 2017 11:56
                — forked from timruffles/attack.md
            
              
                Chrome/Gmail attack received 11/03/2016. Not sure if the Chrome meta refresh + data:text,html technique is novel.
              
          
    The following attack will display a "you've been signed out" page for GMail, and attempt to steal your account credentials.
DO NOT PUT ANY ACCOUNT CREDENTIALS INTO ANY TABS CREATED AFTER VISITING THESE LINKS :)
I received an email in my GMail inbox with a fake attachment image, styled to look like the real GMail attachment UI:

This linked to a page that ended up displaying a fake "you've been signed out" link, via the data:text/html... URL feature of Chrome:
	# Install https://www.vaultproject.io/
	brew install vault

	# Start dev vault server in a separate terminal
	vault server -dev
	# ==> Vault server configuration:
	# ...
	# Unseal Key: 7ACQHhLZY5ivzNzhMruX9kSa+VXCah3y87hl3dPSWFk=
	# Root Token: 858a6658-682e-345a-e4c4-a6e14e6f7853
	# Source: http://detectmobilebrowsers.com/

	set $mobile_rewrite do_not_perform;

	if ($http_user_agent ~* "(android\|bb\d+\|meego).+mobile\|avantgo\|bada\/\|blackberry\|blazer\|compal\|elaine\|fennec\|hiptop\|iemobile\|ip(hone\|od)\|iris\|kindle\|lge \|maemo\|midp\|mmp\|mobile.+firefox\|netfront\|opera m(ob\|in)i\|palm( os)?\|phone\|p(ixi\|re)\/\|plucker\|pocket\|psp\|series(4\|6)0\|symbian\|treo\|up\.(browser\|link)\|vodafone\|wap\|windows ce\|xda\|xiino") {
	set $mobile_rewrite perform;
	}

	if ($http_user_agent ~* "^(1207\|6310\|6590\|3gso\|4thp\|50[1-6]i\|770s\|802s\|a wa\|abac\|ac(er\|oo\|s\-)\|ai(ko\|rn)\|al(av\|ca\|co)\|amoi\|an(ex\|ny\|yw)\|aptu\|ar(ch\|go)\|as(te\|us)\|attw\|au(di\|\-m\|r \|s )\|avan\|be(ck\|ll\|nq)\|bi(lb\|rd)\|bl(ac\|az)\|br(e\|v)w\|bumb\|bw\-(n\|u)\|c55\/\|capi\|ccwa\|cdm\-\|cell\|chtm\|cldc\|cmd\-\|co(mp\|nd)\|craw\|da(it\|ll\|ng)\|dbte\|dc\-s\|devi\|dica\|dmob\|do(c\|p)o\|ds(12\|\-d)\|el(49\|ai)\|em(l2\|ul)\|er(ic\|k0)\|esl8\|ez([4-7]0\|os\|wa\|ze)\|fetc\|fly(\-\|_)\|g1 u\|g560\|gene\|gf\-5\|g\-mo\|go(\.w\|od)\|gr(ad\|un)\|haie\|hcit\|hd\-(m\|p\|t)\|hei\-\|hi(pt\|ta)\|hp( i\|ip)\|hs\-c\|ht(c(\-\| \|_\|a\|g\|p\|s\|t)\|tp)\|hu(aw\|t
	<?php
	/**
	* @file https://gist.github.com/max-dark/f39028cc106ed32e8ce1b55a11643b43
	*/

	define('ROOT_NODE', null);

	/**
	* восстанавливает дерево по таблице связей
	* @param array $data
	# Running xdebug in the console, for debugging Laravel artisan commands. Useful as I keep forgetting this one...
	php -dxdebug.remote_autostart artisan

	#Running phpcs for 5.3:
	phpcs -pv --standards= --runtime-set testVersion 5.3 --ignore=/public/,.js,.css,/tests/,/views/training/ .
	<IfModule mod_rewrite.c>
	RewriteEngine On
	Options +FollowSymLinks
	RewriteBase /

	# www in //~
	RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
	RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

	# index.* in ~/
	<?php
	$zip = new ZipArchive;
	$bkfile = '../export/backup/backup-source-' . date('dd-mm-yy') . '.zip';
	$zip->open($bkfile, ZipArchive::CREATE);
	$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator("../../"));

	// iterate over the directory
	// add each file found to the archive
	foreach ($iterator as $key => $value) {
	if (in_array(substr($key, strrpos($key, '/') + 1), array('.', '..')))
	//пример, сначала узнаем текущ.информацию:
	$ uname -a
	$ ls /boot/ \| grep vmlinuz
	$ dpkg --list \| grep linux-image
	$ dpkg --list \| grep linux-headers

	//теперь команда удаления (bash):
	$ sudo apt-get purge $(dpkg -l 'linux-' \| sed '/^ii/!d;/'"$(uname -r \| sed "s/\(.\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]\)./\1/;/[0-9]/!d' \| head -n -1) --assume-yes
	$ sudo apt-get autoremove