Skip to content

Instantly share code, notes, and snippets.

View davidxia's full-sized avatar
🏠
EST working hours

David Xia davidxia

🏠
EST working hours
106 followers · 1 following
View GitHub Profile
@davidxia
davidxia / gist:1292b0caa96079a7f9c6356c6df38b01
Last active December 28, 2021 15:12
Get all credentials of all GKE clusters in a project using fish, gcloud, jq, and xargs
gcloud --project $project container clusters list --format json \
| jq -r '.[] | "\(.name):\(.location)"' \
| xargs -I @ bash -c \
"name=\$(echo @ | cut -d ':' -f 1) \
&& region=\$(echo @ | cut -d ':' -f 2) \
&& gcloud --project $project container clusters get-credentials \$name --region \$region"
@graugans
graugans / nebula-level11.md
Created December 23, 2016 14:41

How I solved Nebula Level 11

The last few days I solved the first levels of Nebula. Nebula is an exploit exercise which consists of twenty levels. The level zero to eight where no real trouble. The level09 drove me crazy. I never wrote serious php code so I was not able to solve the string injection without cheating. For [level10] I gave up a bit too early as-well, after the first hint about TOCTOU (time-of-use to time-of-check) made me solve this with two simple bash scripts.

For the Level 11 flag cheating was no option for me. This walk through describes how I did solve this exercise. The description of this exercise states the following:

The /home/flag11/flag11 binary processes standard input and executes a shell command.  There are two ways of completing this level, you may wish to do both :-) To do this level, log in as the level11 account with th
@mkows
mkows / server-cors.py
Created July 31, 2019 15:16
Allow CORS with python Simple HTTP Server – for Python 3
'''
Based on https://gist.github.com/enjalot/2904124 (in Python 2) -> quick-migrated to Python 3
Usage: python server-cors
'''
import http.server as httpserver
class CORSHTTPRequestHandler(httpserver.SimpleHTTPRequestHandler):
def send_head(self):
"""Common code for GET and HEAD commands.
@mziwisky
mziwisky / Oauth2.md
Last active February 15, 2024 23:31
Oauth2 Explanation

OAUTH2

The Problem

I’m a web app that wants to allow other web apps access to my users’ information, but I want to ensure that the user says it’s ok.

The Solution

I can’t trust the other web apps, so I must interact with my users directly. I’ll let them know that the other app is trying to get their info, and ask whether they want to grant that permission. Oauth defines a way to initiate that permission verification from the other app’s site so that the user experience is smooth. If the user grants permission, I issue an AuthToken to the other app which it can use to make requests for that user's info.

Note on encryption

Oauth2 has nothing to do with encryption -- it relies upon SSL to keep things (like the client app’s shared_secret) secure.

@crccheck
crccheck / README.md
Last active March 2, 2024 16:39
Python Packaging

What the Hell? -- A Journey Through the Nine Circles of Python Packing

Writing a setup.py

map

I am no Virgil, but having stumbled my way through Python packaging a few times already, I'm documenting the things I learn as I go here.

To help me learn, I took a survey of the top 15 Python packages on Github along with 12 other commonly referenced packages. I thought... if there are any best

@gravitylow
gravitylow / codesign_gdb.md
Last active April 16, 2024 02:18 — forked from hlissner/codesign_gdb.md
Codesign gdb on macOS

If you are getting this in gdb on macOS while trying to run a program:

Unable to find Mach task port for process-id 57573: (os/kern) failure (0x5).
 (please check gdb is codesigned - see taskgated(8))
  1. Open Keychain Access
  2. In menu, open Keychain Access > Certificate Assistant > Create a certificate
  3. Give it a name (e.g. gdbc)
@phrawzty
phrawzty / 2serv.py
Last active May 2, 2024 12:27
simple python http server to dump request headers
#!/usr/bin/env python2
import SimpleHTTPServer
import SocketServer
import logging
PORT = 8000
class GetHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
@unoexperto
unoexperto / patch_apk_for_sniffing.md
Last active May 13, 2024 04:15
How to patch Android app to sniff its HTTPS traffic with self-signed certificate

How to patch Android app to sniff its HTTPS traffic with self-signed certificate

  • Download apktool from https://ibotpeaches.github.io/Apktool/
  • Unpack apk file: java -jar /home/expert/work/tools/apktool.jar d net.flixster.android-9.1.3@APK4Fun.com.apk
  • Modify AndroidManifest.xml by adding android:networkSecurityConfig="@xml/network_security_config" attribute to application element.
  • Create file /res/xml/network_security_config.xml with following content:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
@ogrrd
ogrrd / dnsmasq OS X.md
Last active May 14, 2024 08:39
Setup dnsmasq on OS X

Never touch your local /etc/hosts file in OS X again

To setup your computer to work with *.test domains, e.g. project.test, awesome.test and so on, without having to add to your hosts file each time.

Requirements

Install

@bradmontgomery
bradmontgomery / dummy-web-server.py
Last active May 14, 2024 18:19
a minimal http server in python. Responds to GET, HEAD, POST requests, but will fail on anything else.
#!/usr/bin/env python
"""
Very simple HTTP server in python (Updated for Python 3.7)
Usage:
./dummy-web-server.py -h
./dummy-web-server.py -l localhost -p 8000
Send a GET request: