Skip to content

Instantly share code, notes, and snippets.

View fishi0x01's full-sized avatar
💾
0x01

Karl Fischer fishi0x01

💾
0x01
View GitHub Profile
@tstellanova
tstellanova / setup_rpi_openocd.md
Last active June 25, 2021 01:02
Setup rpi0 with openocd for flashing nrf52

Instructions for setting up a Raspberry Pi Zero for running OpenOCD specifically for the purpose of disabling Access Port Protection on nrf52 boards.

Build OpenOCD with CMSIS-DAP and GPIO support

The below script builds natively on the RPi0, and will take a very long time.

sudo apt install wget git autoconf libtool make pkg-config libusb-1.0-0 libusb-1.0-0-dev libhidapi-dev libftdi-dev libhidapi-dev telnet
git clone https://github.com/ntfreak/openocd
cd openocd
./bootstrap
Jenkinsfile VIM syntax highlighting
echo 'au BufNewFile,BufRead Jenkinsfile setf groovy' >> ~/.vimrc
@xsot
xsot / instructions.md
Last active March 3, 2024 13:42
sed maze solver

Usage

sed -E -f solver.sed input where input is a file containing the maze.

For best results, resize your terminal to match the height of the maze. To disable animations, delete the lines containing p.

Maze format

The solver assumes the following:

  • The maze only contains the characters # \nSE
  • Every line has the same number of characters
  • There is only one start (S) and end (E)
@patricksurry
patricksurry / README.md
Last active June 20, 2023 14:29
D3 + simpleheat.js geographic heatmap

Illustrates how to use Vladimir Agafonkin's clever simpleheat JS library to overlay a heatmap of Hopper search destinations on a D3 map.

Just for fun we use a separate svg layer 'under' the canvas to display the map, although it's easy enough to have D3 render direct to the canvas. The default canvas (and svg) 'background' is transparent so we can see through layers, making it easy to build up (say) an animated heatmap over a static map without continually redrawing the latter.

@mgoodness
mgoodness / helm-rbac.md
Last active October 30, 2021 17:04
Helm RBAC setup for K8s v1.6+ (tested on minikube)
kubectl -n kube-system create sa tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller
@evansde77
evansde77 / mock_requests.py
Last active January 31, 2024 08:49
Example of mocking requests calls
#!/usr/bin/env python
"""
mocking requests calls
"""
import mock
import unittest
import requests
from requests.exceptions import HTTPError
@dergachev
dergachev / setuid-root-backdoor.md
Last active March 16, 2024 00:49
How to use setuid to install a root backdoor.

Why You Can't Un-Root a Compromised Machine

Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.

While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys, or creating a new user, potentially via running malware, or via a cron job. I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account from the system (including www-data, which you might not even know if compromised).

If the "setuid bit" (or flag, or permission mode) is set for executable, the operating system will run not as the cur