Thanks to Jacob Kaplan-Moss, Donald Stufft, David Reid, Allen Short, Zain Memon, and Chris Armstrong for review.
This is a guide for technical individuals to understand in what circumstances SSL communications are secure against an observer-in-the-middle (for all intents and purposes: the NSA).
| // Reference: http://stackoverflow.com/questions/4822471/count-number-of-lines-in-a-git-repository | |
| $ git ls-files | xargs wc -l |
| # Hello, and welcome to makefile basics. | |
| # | |
| # You will learn why `make` is so great, and why, despite its "weird" syntax, | |
| # it is actually a highly expressive, efficient, and powerful way to build | |
| # programs. | |
| # | |
| # Once you're done here, go to | |
| # http://www.gnu.org/software/make/manual/make.html | |
| # to learn SOOOO much more. |
Other languages:
by injecting commands into the wifi channel config
This exploit requires opening the "Files" page of the card's web interface and escaping to the root of the file system.
| (function() { | |
| var notify = false; | |
| if ("Notification" in window) { | |
| if (Notification.permission === "granted") { | |
| notify = true; | |
| } else if (Notification.permission === "default") { | |
| Notification.requestPermission(function(permission) { | |
| if (!("permission" in Notification && permission === "granted")) { | |
| Notification.permission = permission; |
| (function() { | |
| API.chatLog("Autowoot turned ON"); | |
| API.chatLog("Credit: http://benzi.io"); | |
| $("#woot").click(); | |
| API.on(API.ADVANCE,function(){ | |
| setTimeout(function(){ | |
| $("#woot").click(); | |
| },1000); | |
| }); |
You got your hands on some data that was leaked from a social network and you want to help the poor people.
Luckily you know a government service to automatically block a list of credit cards.
The service is a little old school though and you have to upload a CSV file in the exact format. The upload fails if the CSV file contains invalid data.
The CSV files should have two columns, Name and Credit Card. Also, it must be named after the following pattern:
YYYYMMDD.csv.
| DECLARE SUB game () | |
| SCREEN 9 | |
| RANDOMIZE TIMER | |
| COLOR 4, 0 | |
| CLS | |
| WIDTH 80 | |
| INPUT "what is your choice"; choice | |
| IF choice = 1 THEN game | |
| SUB game |
| # Download latest archlinux bootstrap package, see https://www.archlinux.org/download/ | |
| wget 'ftp://ftp.nluug.nl/pub/os/Linux/distr/archlinux/iso/latest/archlinux-bootstrap-*-x86_64.tar.gz' | |
| # Make sure you'll have enough entropy for pacman-key later. | |
| apt-get install haveged | |
| # Install the arch bootstrap image in a tmpfs. | |
| mount -t tmpfs none /mnt | |
| cd /mnt | |
| tar xvf ~/archlinux-bootstrap-*-x86_64.tar.gz --strip-components=1 |
| Why do compilers even bother with exploiting undefinedness signed overflow? And what are those | |
| mysterious cases where it helps? | |
| A lot of people (myself included) are against transforms that aggressively exploit undefined behavior, but | |
| I think it's useful to know what compiler writers are accomplishing by this. | |
| TL;DR: C doesn't work very well if int!=register width, but (for backwards compat) int is 32-bit on all | |
| major 64-bit targets, and this causes quite hairy problems for code generation and optimization in some | |
| fairly common cases. The signed overflow UB exploitation is an attempt to work around this. |
