- brew install mutt
- setup an app password for mutt in gmail
- setup an app password for imap_notifier in gmail
- brew install terminal-notifier
- gem install imap_notifier
- brew install urlview
- brew install w3m (links would be OK too)
- Install pandoc to author in markdown and send as HTML
most recent readme: https://gist.github.com/2000446
//This skin really isn't completely ready for a release.
//It is tailored towards my way of tagging files and is made for last.fm users.
To install unpack and move folder contents into foobar2000 installation directory.
Also, be sure to delete user_profiles_enabled from said directory.
Open foobar2000 goto 'Preferences>Display/Columns UI/Main'
Click import and import 'foo_ncmpcpp_mod.fcl' from the 'skins/masood_' folder.
Make sure to install the included fonts.
There was an XSD challenge, which nobody, as far as I know, solved in an intended way. We weren't quite sure that this was xsd, and found SQLi first.
The vulnerable interface was parsing XML from POST requests to /tickets.php and its id parameter was vulnerable to sqli. We quickly understood that the WAF enforced the parameter length to be exactly 35 chars long, which was a nuisance. Fortunately, we found that changing host to foo.waf-bypass.com (from the intended choo-choo.waf-bypass.com) removed that restriction. All that was left was to bypass the syntax anomaly detection, which was quite easy. The final vector is as follows (db was postgres, so this uses a relatively new error-based box() vector with xml functions to quickly get all database):
POST /tickets.php HTTP/1.1
Host: hui.phdays.com
Content-Type: text/xml
X-Requested-With: XMLHttpRequest
Referer: http://choo-choo.phdays.com/index.php?search=%27%22%3E
Content-Length: 174
Cookie: WAFBYPASS=5727e690-39f4-44f1-a271-c6edfc1b4336
Connection: keep-alive
I hereby claim:
- I am dayn1ne on github.
- I am dayn1ne (https://keybase.io/dayn1ne) on keybase.
- I have a public key ASDbKB3LRWw0Nc9YqENA51E9XpYZ-zFhuOkB848RJZNq6Ao
To claim this, I am signing this object: