@hackermondev
hackermondev / zendesk.md
Last active November 5, 2024 05:45
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like support@company.com), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@MartinEesmaa
MartinEesmaa / youtube_formats.md
Last active November 5, 2024 10:26 — forked from AgentOak/youtube_formats.md
Youtube Format IDs

Note: This is almost all of the YouTube format ID information. The original owner is AgentOak; this is a modified version by Martin Eesmaa.

See the credits and special thanks below.

Last updated: October 2024

Also known as itag or format codes and way back they could be specified with the fmt parameter (e.g. &fmt=22). Depending on the age and/or popularity of the video, not all formats will be available.

DASH video

@tothi
tothi / usbgadget_razer.sh
Created August 22, 2021 09:52
Razer USB gadget on Android for Local Privilege Escalation on Windows
# MINIMAL USB gadget setup using CONFIGFS for simulating Razer Gaming HID
# devices for triggering the vulnerable Windows Driver installer
# credits for the Windows Driver install vuln: @j0nh4t
#
# https://twitter.com/j0nh4t/status/1429049506021138437
# https://twitter.com/an0n_r0/status/1429263450748895236
#
# the script was developed & tested on Android LineageOS 18.1
@riobard
riobard / tcpdump.txt
Last active August 12, 2022 08:19
Poem lines broadcast by my ISP-provided fiber optical modem
# My ISP-provided fiber optical modem broadcasts a line of a poem every ten seconds. Here's the tcpdump of the complete poem.
# The optical modem is made by Shanghai Nokia-Bell Co.,Ltd and its model number is G-140W-UD. It's provided by my ISP, China Unicom in Shenzhen.
$ tcpdump -i vlan10 ether proto 0x8300
15:59:00.720301 00:00:00:00:00:12 (oui Ethernet) > Broadcast, ethertype Unknown (0x8300), length 72:
0x0000: 0000 0000 e4ea 8386 d93c 5468 6520 6461 .........<The.da
0x0010: 7920 4920 6c6f 7374 206d 7920 7665 7279 y.I.lost.my.very
0x0020: 2066 6972 7374 2074 6f6f 7468 2c00 0000 .first.tooth,...
0x0030: 0000 0000 0000 0000 0000 ..........
15:59:10.740778 00:00:00:00:00:12 (oui Ethernet) > Broadcast, ethertype Unknown (0x8300), length 72:

Guix on WSL2

(updated versions of this document, plus more, live here)

This will show you how to get Guix running on WSL2.
We're going to go as "minimal" as possible, without starting off one of the readily available WSL2 distros.
Parts of this guide should help with understanding how to set up any custom distro on WSL, not just Guix.

Disclaimer: I'm a Guix nOOb! (hence going through the trouble of installing it on WSL2)

@kraptor
kraptor / ui.nim
Created July 4, 2019 20:01
Mu - Chip-8 Emulator UI made in Nim with Imgui
import os
import math
import strutils
import strformat
import nimgl/opengl
import nimgl/glfw
import nimgl/imgui
import nimgl/imgui/impl_opengl
import nimgl/imgui/impl_glfw
@gargakshit
gargakshit / state.js
Created June 11, 2019 10:15 — forked from dbisso/state.js
Simple state management in vanilla JS
function State() {
this.actions = {};
this.subscriptions = [];
this.history = [];
}
State.prototype.subscribe = function(element, action, callback) {
this.subscriptions[action] = this.subscriptions[action] || [];
this.subscriptions[action].push(function(data) {
callback.apply(element, data);
@miguelmota
miguelmota / pubsub.go
Created October 6, 2018 21:12
Golang redis pub/sub example
package pubsub
import (
"github.com/garyburd/redigo/redis"
log "github.com/sirupsen/logrus"
)
// Service service
type Service struct {
pool *redis.Pool
@saulshanabrook
saulshanabrook / README.md
Created October 19, 2016 14:20
Saving Web Crypto Keys using indexedDB

This is a working example of how to store CryptoKeys locally in your browser. We are able to save the objects without serializing them. This means we can keep them non-exportable (which might be more secure?? not sure what attack vectors this prevents).

To try out this example, first make sure you are in a browser that has support for async...await and indexedDB (latest Chrome Canary with chrome://flags "Enable Experimental Javascript" works). Load some page and copy and paste this code into the console. Then call encryptDataSaveKey(). This will create a private/public key pair and encrypt some random data with the private key. It then saves both of them. Now reload the page, copy in the code, and run loadKeyDecryptData(). It will load the keys and encrypted data and decrypt it. You should see the same data logged both times.

@aras-p
aras-p / preprocessor_fun.h
Last active October 28, 2024 04:51
Things to commit just before leaving your job
// Just before switching jobs:
// Add one of these.
// Preferably into the same commit where you do a large merge.
//
// This started as a tweet with a joke of "C++ pro-tip: #define private public",
// and then it quickly escalated into more and more evil suggestions.
// I've tried to capture interesting suggestions here.
//
// Contributors: @r2d2rigo, @joeldevahl, @msinilo, @_Humus_,
// @YuriyODonnell, @rygorous, @cmuratori, @mike_acton, @grumpygiant,