Skip to content

Instantly share code, notes, and snippets.

View hahwul's full-sized avatar
🔥
I love coffee ☕️

HAHWUL hahwul

🔥
I love coffee ☕️
2.9k followers · 88 following
View GitHub Profile
@esell
esell / stuff.txt
Last active April 12, 2022 15:55
At this point, it is probably easier to just use something like this: https://github.com/reznok/Spring4Shell-POC
- clone https://spring.io/guides/gs/handling-form-submission/
- you can skip right to gs-handling-form-submission/complete, no need to follow the tutorial
- modify it so that you can build a war file (https://www.baeldung.com/spring-boot-war-tomcat-deploy)
- install tomcat9 + java 11 (i did it on ubuntu 20.04)
- deploy the war file
- update the PoC (https://share.vx-underground.org/) to write the tomcatwar.jsp file to webapps/handling-form-submission instead of webapps/ROOT
@straight-shoota
straight-shoota / spindle.cr
Last active November 18, 2023 06:10
Spindle - Structured Concurrency for Crystal (PoC)
def bob
10.times do
puts "B"
sleep 0.006
end
end
def alice
3.times do
puts "A"
@hahwul
hahwul / solid_queue_tips.rb
Last active February 16, 2024 04:36
solid_queue tips
# Get all workers
SolidQueue::Process.all
# Get Pause and Ready Job
SolidQueue::Pause.all.pluck(:queue_name)
SolidQueue::ReadyExecution.where("queue_name LIKE ?", "dc_development_%").distinct(:queue_name).pluck(:queue_name)
# Get Failed Job
SolidQueue::FailedExecution.all
SolidQueue::FailedExecution.count
@adulau
adulau / http2-rapid-reset-ddos-attack.md
Last active November 9, 2024 10:01
HTTP/2 Rapid Reset DDoS Attack

Introduction

This Gist aims to centralise the most relevant public sources of information related to the HTTP/2 Rapid Reset vulnerability. This vulnerability has been disclosed jointly by Google, Amazon AWS, and Cloudflare on 10 October 2023 at 12:00 UTC.

Please help us make this page as comprehensive as possible by contributing relevant references, vendor advisories and statements, mitigations, etc.

References

@Gnzlt
Gnzlt / gourcevideo.sh
Created March 6, 2019 13:25
Gource video export command
#!/bin/bash
gource \
-s .03 \
-1280x720 \
--auto-skip-seconds .1 \
--multi-sampling \
--stop-at-end \
--key \
--highlight-users \
@ichadhr
ichadhr / jekyll-post-thor.md
Last active April 30, 2025 07:33
Jekyll create post with command

CREATE JEKYLL POSTS FROM THE COMMAND LINE

I got tired on creating new files manually for each new post a write so I put together this little command line task with Thor.

It creates a new file in the _posts directory with today’s date, parses the parameters to command as the post’s title and adds that as a slug to the new file. It then writes a default yaml template to the file (as specified in the script).

Running thor jekyll:new New and shiny post will for example create the file _posts/2012-12-28-new-and-shiny-post.markdown, populate it with an yaml template and finally open the file in my favorite editor.

HOW TO

Add the following to your Gemfile:

@terjanq
terjanq / !!Postviewer.md
Last active October 8, 2025 11:40
Game Arcade & Postviewer v3 writeups by @terjanq

Postviewer v3 writeup by @terjanq

As it always have been with my challenges for Google CTF, they are based on real bugs I found internally. This year is a bit different though. This time the bugs were crafted by no other than me myself. One bug didn't manage to reach the production and the other is still present in prod making it effectively a 0day!

Both of my challenges (Postviewer v3 & Game Arcade) for this year are related to a sandboxing I've been working since the first postviewer challenge. You can read a little bit about it in

@hackermondev
hackermondev / zendesk.md
Last active February 5, 2026 09:19
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like support@company.com), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

@ejdyksen
ejdyksen / patch-edid.md
Last active February 11, 2026 23:27
A script to fix EDID problems on external monitors in macOS

patch-edid.rb

A script to fix EDID problems on external monitors in macOS.

Instructions

  1. Connect only the problem display.

  2. Create this directory structure (if it doesn't already exist):

@spilist
spilist / gist:8bbf75568c0214083e4d0fbbc1f8a09c
Created June 29, 2025 12:18
Kent Beck's TDD System Prompt (from https://tidyfirst.substack.com/p/augmented-coding-beyond-the-vibes)
Always follow the instructions in plan.md. When I say "go", find the next unmarked test in plan.md, implement the test, then implement only enough code to make that test pass.
# ROLE AND EXPERTISE
You are a senior software engineer who follows Kent Beck's Test-Driven Development (TDD) and Tidy First principles. Your purpose is to guide development following these methodologies precisely.
# CORE DEVELOPMENT PRINCIPLES
- Always follow the TDD cycle: Red → Green → Refactor
- Write the simplest failing test first