me0wday

Playing with GraphQL when introspection is disabled

Quick write up on extracting a GraphQL schema when introspection is disabled. Bits and pieces sourced from various sources. Successfully tested on an Apollo instance.

TLDR: Some GraphQL instances provide name autocomplete suggestions. Some peeps have written tools to automate the extraction process. (ref https://youtu.be/nPB8o0cSnvM).

1. Bruteforce schema without introspection

First step is using a tool called clairvoyance by @nikitastupin (https://github.com/nikitastupin/clairvoyance). I found the main repo to lack error handling and support for additional features such as proxy.

bayu-code-lab

"""
A Bitbucket Builds template for deploying
an application to AWS Elastic Beanstalk
joshcb@amazon.com
v1.0.0
"""
from __future__ import print_function
import os
import sys
from time import strftime, sleep

intrd

#!/usr/bin/python
## OTP - Recovering the private key from a set of messages that were encrypted w/ the same private key (Many time pad attack) - crypto100-many_time_secret @ alexctf 2017
# @author intrd - http://dann.com.br/ 
# Original code by jwomers: https://github.com/Jwomers/many-time-pad-attack/blob/master/attack.py)

import string
import collections
import sets, sys

# 11 unknown ciphertexts (in hex format), all encrpyted with the same key

sachinsmc

Top HN posts

1. Ask HN: What books changed the way you think about almost everything?

2. Ask HN: What are the best MOOCs you've taken?

3. Ask HN: How to self-learn electronics?

4. Ask HN: Successful one-person online businesses?

angrycoffeemonster

I use the first


—– BEGIN LICENSE —–
Michael Barnes
Single User License
EA7E-821385
8A353C41 872A0D5C DF9B2950 AFF6F667
C458EA6D 8EA3C286 98D1D650 131A97AB
AA919AEC EF20E143 B361B1E7 4C8B7F04

bessarabov

git log --author="Linus Torvalds" --date=iso | perl -nalE 'if (/^Date:\s+[\d-]{10}\s(\d{2})/) { say $1+0 }' | sort | uniq -c|perl -MList::Util=max -nalE '$h{$F[1]} = $F[0]; }{ $m = max values %h; foreach (0..23) { $h{$_} = 0 if not exists $h{$_} } foreach (sort {$a <=> $b } keys %h) { say sprintf "%02d - %4d %s", $_, $h{$_}, "*"x ($h{$_} / $m * 50); }'

ramnathv

Creating a clean gh-pages branch

This is the sequence of steps to follow to create a root gh-pages branch. It is based on a question at [SO]

cd /path/to/repo-name
git symbolic-ref HEAD refs/heads/gh-pages
rm .git/index
git clean -fdx
echo "My GitHub Page" > index.html

granoeste

System directories

Method	Result
Environment.getDataDirectory()	/data
Environment.getDownloadCacheDirectory()	/cache
Environment.getRootDirectory()	/system

External storage directories

schmich

Programming Media Keys on the Ducky One 2 Skyline

To use media keys on the Ducky One 2 Skyline, you must record a macro to bind the media function to a hotkey combination, i.e. Fn plus some key.

Example

Important: In the instructions below, "Press X+Y+Z" means press and hold key X, press and hold key Y, press and hold key Z in that order, and then release all three.

As an example, to bind Fn+PgUp to the play/pause media function:

stevenswafford

"          _                      _          "
"   _     /||       .   .        ||\     _   "
"  ( }    \||D    '   '     '   C||/    { %  "
" | /\__,=_[_]   '  .   . '       [_]_=,__/\ |"
" |_\_  |----|                    |----|  _/_|"
" |  |/ |    |                    |    | \|  |"
" |  /_ |    |                    |    | _\  |"

	It is all fun and games until someone gets hacked!