defuse

# This is well-known behavior, it's just interesting.
$ mkdir a
$ echo "hello!" > a/file.txt
$ cat a/file.txt
hello!
$ chmod 000 a/file.txt 
# Now I don't expect to be able to change a/file.txt...
$ echo "GOODBYE" > a/file.txt
bash: a/file.txt: Permission denied
# Okay, good, I can't modify the file directly.

antirez

    dictForeach(d,entry)
        printf("%s -> %s\n", dictGetKey(entry), dictGetVal(entry));
        dictForeach(d2,entry2)
            printf("* %s\n", dictGetKey(entry2));
        dictEnd
    dictEnd

nabla-c0d3

#!/usr/bin/env python

import sys, socket, thread, ssl
from select import select

HOST = '0.0.0.0'
PORT = 5222
BUFSIZE = 4096

# Change this with the first two bytes of the SSL client hello

azet

#!/usr/bin/env bash
#
# Retrieves MX and A records for 'Alexa Top 1 Million' hosts
# and prints them as pretty formatted JSON objects to stdout.
#
# *Optional* parallelism support with GNU Parallel (recommended):
#     $ sudo apt-get install parallel
#
# Authors: Aaron Zauner <azet@azet.org>
# License: CC0 1.0 (https://creativecommons.org/publicdomain/zero/1.0)

defuse

#!/bin/bash
# primes.sh -- @DefuseSec

echo -n >/tmp/primes.txt

# Generate 1000 primes.
for i in {1..500}; do
    # Use 192-bit keys for speed (could potentially mask RNG bugs that only affect bigger keys)
    openssl genrsa 192 2>/dev/null | \
        openssl rsa -text 2>/dev/null |\

defuse

This was a comment I posted on bcrypt-ruby/bcrypt-ruby#43 (before I realized that issue was 5 years old!) which got deleted so I moved it here.

Let's make the attack concrete to see if it works. I have a dictionary of 2³² candidate passwords I want to try against a user account. I know the user's salt. There is no rate limiting. Ideally, it should take 2³² online queries to search through all of my candidate passwords. Here's the attack:

1. Using my knowledge of the salt, I hash ~2¹⁶ random preimages until I find one for every possible 2-byte prefix of the hash.
2. Now I send each of those 2¹⁶ preimages in turn to the server and observe the side-channel. I may have to repeat this a few times in order to improve the SNR, let's say 100 times. So in 100*2¹⁶ online queries I learn the first 2 bytes of the hash.
3. Now that I know the first 2 bytes of the hash, I do 2³² offline work to hash all of my candidate passwords a

peternguyen93

#!/usr/bin/python
# Author : peternguyen

from Pwn import *

# p = Pwn(mode=1,port=8887)
p = Pwn(mode=1,host='52.193.196.17',port=56746)

def select(op):
	p.read_until('Your choice: ')

robcowart

# This configuration for nProbe exposes many more options than is available in the file provided
# when downloading nProbe.
# 
# Most likely you will only need to change the -n and -i options for your environment. However, a
# number of other options are documented in case you need them.
#
# The provided template works very well with ElastiFlow - A solution to collect and analyze network
# flow data using the Elastic Stack. ElastiFlow is available from:
# https://github.com/robcowart/elastiflow

leoluk

"""
Custom LOGIN_REQUIRED middleware which allows OAuth URLs.
"""

import utilities.middleware
from django.conf import settings


class CustomLoginRequiredMiddleware(utilities.middleware.LoginRequiredMiddleware):
    def __call__(self, request):

sdondley

Super Guide to the split-window tmux Subcommand (and Beyond)

Guide overview

tmux, like other great software, is deceptive. On the one hand, it's fairly easy to get set up and start using right away. On the other hand, it's difficult to take advantage of tmux's adanced power features without spending some quality alone time with the manual. But the problem with manuals is that they aren't geared toward beginners. They are geared toward helping seasoned developers and computer enthusiasts quickly obtain the