| ''' | |
| Based on https://gist.github.com/enjalot/2904124 (in Python 2) -> quick-migrated to Python 3 | |
| Usage: python server-cors | |
| ''' | |
| import http.server as httpserver | |
| class CORSHTTPRequestHandler(httpserver.SimpleHTTPRequestHandler): | |
| def send_head(self): | |
| """Common code for GET and HEAD commands. |
| gcloud --project $project container clusters list --format json \ | |
| | jq -r '.[] | "\(.name):\(.location)"' \ | |
| | xargs -I @ bash -c \ | |
| "name=\$(echo @ | cut -d ':' -f 1) \ | |
| && region=\$(echo @ | cut -d ':' -f 2) \ | |
| && gcloud --project $project container clusters get-credentials \$name --region \$region" |
java -jar /home/expert/work/tools/apktool.jar d net.flixster.android-9.1.3@APK4Fun.com.apkandroid:networkSecurityConfig="@xml/network_security_config" attribute to application element.<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config>
If you are getting this in gdb on macOS while trying to run a program:
Unable to find Mach task port for process-id 57573: (os/kern) failure (0x5).
(please check gdb is codesigned - see taskgated(8))gdbc)
The last few days I solved the first levels of Nebula. Nebula is an exploit exercise which consists of twenty levels. The level zero to eight where no real trouble. The level09 drove me crazy. I never wrote serious php code so I was not able to solve the string injection without cheating. For [level10] I gave up a bit too early as-well, after the first hint about TOCTOU (time-of-use to time-of-check) made me solve this with two simple bash scripts.
For the Level 11 flag cheating was no option for me. This walk through describes how I did solve this exercise. The description of this exercise states the following:
The /home/flag11/flag11 binary processes standard input and executes a shell command. There are two ways of completing this level, you may wish to do both :-) To do this level, log in as the level11 account with th
(Inspired by https://medium.com/@icanhazedit/clean-up-unused-github-rpositories-c2549294ee45#.3hwv4nxv5)
Open in a new tab all to-be-deleted github repositores (Use the mouse’s middle click or Ctrl + Click) https://github.com/username?tab=repositories
Use one tab https://chrome.google.com/webstore/detail/onetab/chphlpgkkbolifaimnlloiipkdnihall to shorten them to a list.
Save that list to some path
The list should be in the form of “ur_username\repo_name” per line. Use regex search (Sublime text could help). Search for ' |.*' and replace by empty.
| #!/usr/bin/env python2 | |
| import SimpleHTTPServer | |
| import SocketServer | |
| import logging | |
| PORT = 8000 | |
| class GetHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): |
I’m a web app that wants to allow other web apps access to my users’ information, but I want to ensure that the user says it’s ok.
I can’t trust the other web apps, so I must interact with my users directly. I’ll let them know that the other app is trying to get their info, and ask whether they want to grant that permission. Oauth defines a way to initiate that permission verification from the other app’s site so that the user experience is smooth. If the user grants permission, I issue an AuthToken to the other app which it can use to make requests for that user's info.
Oauth2 has nothing to do with encryption -- it relies upon SSL to keep things (like the client app’s shared_secret) secure.
To setup your computer to work with *.test domains, e.g. project.test, awesome.test and so on, without having to add to your hosts file each time.
