Mehtab Zafar mzfr

## rubikstega.py
# Values from the white paper
EXAMPLE_PHDR = 'L2 F\' B2 U D2 B U D\' F2 L\' F U2 R U\' L\' R\' U\' B F D U\''.split(" ")
EXAMPLE_LHDR = 'B U2 D2 R\' F U2 B R L\' B L\' B L\' D F\' L U\' B2 R F2 L\' F2'.split(" ")
EXAMPLE_MSG = 'F L U2 L2 F\' B D\' B2 L\' B\' U L2 F\' R2 D\' B\' U\' L\' B R D2 L2 R\' B F2 D\' U R B D2 U2 R2 U\' F2 R2 F D F2 B2 D\' R\' D R\' U\' F\' B2 U F2 D R U L F U2 L2 D R B D\' B\' U L U\''.split(" ")

# Values from the challenge
CHALL_PHDR = 'B2 R U F\' R\' L\' B B2 L F D D\' R\' F2 D\' R R D2 B\' L R'.split(" ")
CHALL_LHDR = 'L\' L B F2 R2 F2 R\' L F\' B\' R D\' D\' F U2 B\' U U D\' U2 F\''.split(" ")
CHALL_MSG = 'L F\' F2 R B R R F2 F\' R2 D F\' U L U\' U\' U F D F2 U R U\' F U B2 B U2 D B F2 D2 L2 L2 B\' F\' D\' L2 D U2 U2 D2 U B\' F D R2 U2 R\' B\' F2 D\' D B\' U B\' D B\' F\' U\' R U U\' L\' L\' U2 F2 R R F L2 B2 L2 B B\' D R R\' U L'.split(" ")

## allah-and-gsoc-irc-chat.txt
[6:48 pm] <Guest25582> http://oortr.com/YmU5NT
[6:48 pm] <valorie> rather than pasting a random link, why not say what it is, Guest25582?
[6:48 pm] <Guest25582> Allah is doing
[6:48 pm] <Guest25582> sun is not doing Allah is doing
[6:48 pm] <Guest25582> moon is not doing Allah is doing
[6:48 pm] <meflin> this channel is about GSOC
[6:48 pm] <Guest25582> stars are not doing Allah is doing
[6:48 pm] <valorie> please stay on topic or leave, Guest25582
[6:48 pm] <Guest25582> planets are not doing Allah is doing
[6:48 pm] <valorie> pfff

## twitter-quiz.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              6 stars
            
          
                securityMB
                / twitter-quiz.md
            
            
              Last active
              July 16, 2021 04:07
            
              
                Twitter quiz solution
              
          
    Yesterday I posted a little quiz on Twitter about HTML parsing.
The question was: what element is going to be the parent of the final <s> in the following snippet of HTML:
<div><table><svg><foreignObject><select><table><s>
The final answers are:

  
## kindle.rb
#!/usr/bin/env ruby

# gem install active_support
require 'active_support/inflector'
require 'active_support/core_ext/string'

# gem install webrick (only ruby3)
require 'webrick'

# gem install mechanize

## gitlab-to-bitbucket.py
import os
import re
import subprocess

import requests


GITLAB_ENDPOINT = os.environ["GITLAB_ENDPOINT"]
GITLAB_TOKEN = os.environ["GITLAB_TOKEN"]

## gist:3943830
Select all and delete (actually move to buffer)
:%d

Select all and copy to buffer
:%y

Use p to paste the buffer.

## broken_link_hijacking.md

      
              1 file
            
          
              8 forks
            
          
              0 comments
            
          
              32 stars
            
          
                EdOverflow
                / broken_link_hijacking.md
            
            
              Last active
              May 30, 2023 18:31
            
              
                This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
              
          
    Broken Link Hijacking - How expired links can be exploited.

Broken Link Hijacking (BLH) exists whenever a target links to an expired domain or page. Broken Link Hijacking comes in two forms, reflected and stored. This issue has been exploited in the wild numerous times, but surprisingly few researchers actively look for broken links in bug bounty programs.

This post aims to give you a basic overview of the different issues that could possibly arise if a target links to an expired endpoint.
Stored Broken Link Hijacking


## nomad.md

      
              1 file
            
          
              1 fork
            
          
              2 comments
            
          
              5 stars
            
          
                rosswd
                / nomad.md
            
            
              Last active
              June 10, 2023 11:27
            
              
                Digital Nomad
              
          
    Stories


levels.io
Nomadlist Stories
One-way Ticket - Documentary
1 year as a Digital Nomad
Learn from 20 Female Digital Nomads
Indiehackers Interviews

Community


Nomadforum


## vandalism.yml
# This is a proof-of-concept for a security bug in GitHub Actions which has since been fixed.
# See https://blog.teddykatz.com/2021/03/17/github-actions-write-access.html for more information.
# The proof-of-concept was only ever used in a test environment to validate the existence of the
# vulnerability, and is shown here for educational purposes.
#
# The proof-of-concept would have the effect of creating a `vandalism.md` file, containing vandalism,
# on the default branch of a victim repository.
#
# To use the proof-of-concept, the steps would have been:
# 1. Fork the victim repository

## loadPcap.py
#!/usr/bin/env python3
from scapy.all import *
from py2neo import Graph, Node, Relationship

packets = rdpcap("<your_pcap_file>")
g = Graph(password="<your_neo4j_password>")


for packet in packets.sessions():
    pkt = packet.split()
	# Values from the white paper
	EXAMPLE_PHDR = 'L2 F\' B2 U D2 B U D\' F2 L\' F U2 R U\' L\' R\' U\' B F D U\''.split(" ")
	EXAMPLE_LHDR = 'B U2 D2 R\' F U2 B R L\' B L\' B L\' D F\' L U\' B2 R F2 L\' F2'.split(" ")
	EXAMPLE_MSG = 'F L U2 L2 F\' B D\' B2 L\' B\' U L2 F\' R2 D\' B\' U\' L\' B R D2 L2 R\' B F2 D\' U R B D2 U2 R2 U\' F2 R2 F D F2 B2 D\' R\' D R\' U\' F\' B2 U F2 D R U L F U2 L2 D R B D\' B\' U L U\''.split(" ")

	# Values from the challenge
	CHALL_PHDR = 'B2 R U F\' R\' L\' B B2 L F D D\' R\' F2 D\' R R D2 B\' L R'.split(" ")
	CHALL_LHDR = 'L\' L B F2 R2 F2 R\' L F\' B\' R D\' D\' F U2 B\' U U D\' U2 F\''.split(" ")
	CHALL_MSG = 'L F\' F2 R B R R F2 F\' R2 D F\' U L U\' U\' U F D F2 U R U\' F U B2 B U2 D B F2 D2 L2 L2 B\' F\' D\' L2 D U2 U2 D2 U B\' F D R2 U2 R\' B\' F2 D\' D B\' U B\' D B\' F\' U\' R U U\' L\' L\' U2 F2 R R F L2 B2 L2 B B\' D R R\' U L'.split(" ")
	[6:48 pm] <Guest25582> http://oortr.com/YmU5NT
	[6:48 pm] <valorie> rather than pasting a random link, why not say what it is, Guest25582?
	[6:48 pm] <Guest25582> Allah is doing
	[6:48 pm] <Guest25582> sun is not doing Allah is doing
	[6:48 pm] <Guest25582> moon is not doing Allah is doing
	[6:48 pm] <meflin> this channel is about GSOC
	[6:48 pm] <Guest25582> stars are not doing Allah is doing
	[6:48 pm] <valorie> please stay on topic or leave, Guest25582
	[6:48 pm] <Guest25582> planets are not doing Allah is doing
	[6:48 pm] <valorie> pfff
	#!/usr/bin/env ruby

	# gem install active_support
	require 'active_support/inflector'
	require 'active_support/core_ext/string'

	# gem install webrick (only ruby3)
	require 'webrick'

	# gem install mechanize
	import os
	import re
	import subprocess

	import requests


	GITLAB_ENDPOINT = os.environ["GITLAB_ENDPOINT"]
	GITLAB_TOKEN = os.environ["GITLAB_TOKEN"]
	Select all and delete (actually move to buffer)
	:%d

	Select all and copy to buffer
	:%y

	Use p to paste the buffer.
	# This is a proof-of-concept for a security bug in GitHub Actions which has since been fixed.
	# See https://blog.teddykatz.com/2021/03/17/github-actions-write-access.html for more information.
	# The proof-of-concept was only ever used in a test environment to validate the existence of the
	# vulnerability, and is shown here for educational purposes.
	#
	# The proof-of-concept would have the effect of creating a `vandalism.md` file, containing vandalism,
	# on the default branch of a victim repository.
	#
	# To use the proof-of-concept, the steps would have been:
	# 1. Fork the victim repository
	#!/usr/bin/env python3
	from scapy.all import *
	from py2neo import Graph, Node, Relationship

	packets = rdpcap("<your_pcap_file>")
	g = Graph(password="<your_neo4j_password>")


	for packet in packets.sessions():
	pkt = packet.split()