terjanq

Postviewer v3 writeup by @terjanq

As it always have been with my challenges for Google CTF, they are based on real bugs I found internally. This year is a bit different though. This time the bugs were crafted by no other than me myself. One bug didn't manage to reach the production and the other is still present in prod making it effectively a 0day!

Both of my challenges (Postviewer v3 & Game Arcade) for this year are related to a sandboxing I've been working since the first postviewer challenge. You can read a little bit about it in

dhh

# THIS LINUX SETUP SCRIPT HAS MORPHED INTO A WHOLE PROJECT: HTTPS://OMAKUB.ORG
# PLEASE CHECKOUT THAT PROJECT INSTEAD OF THIS OUTDATED SETUP SCRIPT.
#
#

# Libraries and infrastructure
sudo apt update -y
sudo apt install -y \
	docker.io docker-buildx \
	build-essential pkg-config autoconf bison rustc cargo clang \

hahwul

# Get all workers
SolidQueue::Process.all

# Get Pause and Ready Job
SolidQueue::Pause.all.pluck(:queue_name)
SolidQueue::ReadyExecution.where("queue_name LIKE ?", "dc_development_%").distinct(:queue_name).pluck(:queue_name)

# Get Failed Job
SolidQueue::FailedExecution.all
SolidQueue::FailedExecution.count

adulau

Introduction

This Gist aims to centralise the most relevant public sources of information related to the HTTP/2 Rapid Reset vulnerability. This vulnerability has been disclosed jointly by Google, Amazon AWS, and Cloudflare on 10 October 2023 at 12:00 UTC.

Please help us make this page as comprehensive as possible by contributing relevant references, vendor advisories and statements, mitigations, etc.

References

• CVE-2023-44487, CIRCL CVE Search
• How AWS protects customers from DDoS events, AWS

esell

At this point, it is probably easier to just use something like this: https://github.com/reznok/Spring4Shell-POC


- clone https://spring.io/guides/gs/handling-form-submission/
- you can skip right to gs-handling-form-submission/complete, no need to follow the tutorial
- modify it so that you can build a war file (https://www.baeldung.com/spring-boot-war-tomcat-deploy)
- install tomcat9 + java 11 (i did it on ubuntu 20.04)
- deploy the war file
- update the PoC (https://share.vx-underground.org/) to write the tomcatwar.jsp file to webapps/handling-form-submission instead of webapps/ROOT

Gnzlt

#!/bin/bash

gource \
    -s .03 \
    -1280x720 \
    --auto-skip-seconds .1 \
    --multi-sampling \
    --stop-at-end \
    --key \
    --highlight-users \

straight-shoota

def bob
  10.times do
    puts "B"
    sleep 0.006
  end
end

def alice
  3.times do
    puts "A"

tomnomnom

// How many ways can you alert(document.domain)?
// Comment with more ways and I'll add them :)
// I already know about the JSFuck way, but it's too long to add (:

// Direct invocation
alert(document.domain);
(alert)(document.domain);
al\u0065rt(document.domain);
al\u{65}rt(document.domain);
window['alert'](document.domain);

nikhita

How to update the Go version

System: Debian/Ubuntu/Fedora. Might work for others as well.

1. Uninstall the exisiting version

As mentioned here, to update a go version you will first need to uninstall the original version.

To uninstall, delete the /usr/local/go directory by:

ichadhr

CREATE JEKYLL POSTS FROM THE COMMAND LINE

I got tired on creating new files manually for each new post a write so I put together this little command line task with Thor.

It creates a new file in the _posts directory with today’s date, parses the parameters to command as the post’s title and adds that as a slug to the new file. It then writes a default yaml template to the file (as specified in the script).

Running thor jekyll:new New and shiny post will for example create the file _posts/2012-12-28-new-and-shiny-post.markdown, populate it with an yaml template and finally open the file in my favorite editor.

HOW TO

Add the following to your Gemfile: