Skip to content

Instantly share code, notes, and snippets.

View nemobis's full-sized avatar

nemobis

48 followers · 46 following
View GitHub Profile
@nemobis
nemobis / xz-backdoor.md
Created April 1, 2024 10:16 — forked from thesamesam/xz-backdoor.md
xz-utils backdoor situation

FAQ on the xz-utils backdoor

This is still a new situation. There is a lot we don't know. We don't know if there are more possible exploit paths. We only know about this one path. Please update your systems regardless. Unknown unknowns are safer than known unknowns.

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't know much about what's going on.

@nemobis
nemobis / wiki-scraper.rb
Last active September 13, 2017 21:36 — forked from anonymous/wiki-scraper.rb
Google search scraper to list all results likely to be MediaWiki installations
#!/usr/bin/env ruby
# encoding: utf-8
##################################################################################
# Google search scraper to list all results likely to be MediaWiki installations #
# #
# CC-0, ArchiveTeam/WikiTeam, 2013 #
# #
##################################################################################
require 'rubygems'
@nemobis
nemobis / connect.funet.fi-example.html
Created February 8, 2017 14:59
<html xmlns:xxt="http://www.jclark.com/xt/java/com.macromedia.airspeed.servlet.ui.XSLTExtensions">
<head>
<title>THA_250117</title>
<script type="text/javascript" src="/common/scripts/s_code.js?ver=9.5.3"></script><script type="text/javascript" src="/common/scripts/OmnitureTracker.js?ver=9.5.3"></script><script type="text/javascript" src="/common/scripts/modalDialog/jquery-1.7.1.js?ver=9.5.3" charset="utf-8"></script><script type="text/javascript">
var useUASniffing = false;
function setUASniffing(value) {
useUASniffing = value;
}
</script><script>
var isReview = 'false';
@nemobis
nemobis / pidgin-telegram-crash
Created December 17, 2016 09:19
$ pidgin -d
(10:10:41) prefs: Reading /home/federico/.purple/prefs.xml
(10:10:41) prefs: Finished reading /home/federico/.purple/prefs.xml
(10:10:41) prefs: purple_prefs_get_path: Unknown pref /pidgin/browsers/command
(10:10:41) dbus: okkk
(10:10:41) plugins: probing /usr/lib64/pidgin/timestamp_format.so
(10:10:41) plugins: probing /usr/lib64/pidgin/spellchk.so
(10:10:41) plugins: probing /usr/lib64/pidgin/sendbutton.so
(10:10:41) plugins: probing /usr/lib64/pidgin/vvconfig.so
(10:10:41) plugins: probing /usr/lib64/pidgin/timestamp.so
@nemobis
nemobis / commons-interlace-exiftool.sh
Created October 17, 2012 18:08
Silly script to find interlaced images on Commons (bug 17645)
#!/bin/bash
# commons-interlace-exiftool.sh: silly script to find interlaced images on Commons
cat jpgcommons.txt | # Take list of filenames, one per line
while read line # As long as there is another line to read ...
do
URL=$(curl "http://commons.wikimedia.org/w/api.php?action=query&prop=imageinfo&iiprop=url&titles=File:$line&format=xml" | grep -oE 'http://upload.wikimedia.org[^"]+');
echo "URL is $URL"
IDEN=$(curl $URL | exiftool -fast2 - | grep -i "Encoding Process")
# "Baseline DCT" only safe JPEG SOF tag, many less common ones are uncertain
@nemobis
nemobis / commons-interlace.sh
Created October 15, 2012 07:39
Silly script to find interlaced images on Commons (bug 17645)
#!/bin/bash
# commons-interlace.sh: silly script to find interlaced images on Commons
cat jpgcommons.txt | # Take list of filenames, one per line
while read line # As long as there is another line to read ...
do
URL=$(curl "http://commons.wikimedia.org/w/api.php?action=query&prop=imageinfo&iiprop=url&titles=File:$line&format=xml" | grep -oE 'http://upload.wikimedia.org[^"]+');
echo "URL is $URL"
IDEN=$(curl $URL | identify -verbose -)
if grep -qi "Interlace: None" <<< $IDEN; then
@nemobis
nemobis / gist:2011068
Created March 10, 2012 10:19
Wikimedia projects abuse filters
pt.wikiquote:<?xml version="1.0"?><api><query><abusefilters><filter id="6" hits="1" /></abusefilters></query></api>
kk.wikipedia:<?xml version="1.0"?><api><query><abusefilters><filter id="1" hits="479" /></abusefilters></query></api>
hsb.wikipedia:<?xml version="1.0"?><api><query><abusefilters><filter id="1" hits="5" /><filter id="2" hits="3" /></abusefilters></query></api>
fa.wikipedia:<?xml version="1.0"?><api><query><abusefilters><filter id="1" hits="3161" /><filter id="2" hits="7" /><filter id="3" hits="2918" /><filter id="5" hits="988" /><filter id="6" hits="39" /><filter id="7" hits="15636" /><filter id="8" hits="806" /><filter id="9" hits="5330" /><filter id="10" hits="5508" /><filter id="11" hits="4521" /><filter id="12" hits="512" /><filter id="13" hits="1806" /><filter id="14" hits="206" /><filter id="15" hits="5923" /><filter id="16" hits="136" /><filter id="17" hits="16" /><filter id="18" hits="1975" /><filter id="20" hits="1031" /><filter id="21" hits="4582" /><filter id="22" hits="15" /><filter
@nemobis
nemobis / gist:2011077
Created March 10, 2012 10:23
Wikimedia projects abuse filters
ar.wikipedia: Of the last 2,639 actions, 0 (0.00%) have reached the condition limit of 1,000, and 153 (5.80%) have matched one of the filters currently enabled.
cs.wikipedia: Of the last 1,644 actions, 0 (0.00%) have reached the condition limit of 1,000, and 11 (0.67%) have matched one of the filters currently enabled.
da.wikipedia: Of the last 1,593 actions, 0 (0.00%) have reached the condition limit of 1,000, and 12 (0.75%) have matched one of the filters currently enabled.
de.wikipedia: Of the last 8,063 actions, 0 (0.00%) have reached the condition limit of 1,000, and 20 (0.25%) have matched one of the filters currently enabled.
el.wikipedia: Of the last 1,665 actions, 0 (0.00%) have reached the condition limit of 1,000, and 37 (2.22%) have matched one of the filters currently enabled.
en.wikipedia: Of the last 2,133 actions, 11 (0.52%) have reached the condition limit of 1,000, and 35 (1.64%) have matched one of the filters currently enabled.<table class="plainlinks ombox ombox-notice" style="text-align:
@nemobis
nemobis / gist:1705657
Created January 30, 2012 17:51
This file has been truncated, but you can view the full file.
2012-01-30 14:03:53 URL:http://web.me.com/kmiyairi/ [319/319] -> "data/k/km/kmi/kmiyairi/web.me.com/files/web.me.com/kmiyairi/index.html" [1]
http://web.me.com/robots.txt:
2012-01-30 14:03:54 ERRORE 402: Payment Required.
2012-01-30 14:03:55 URL:http://web.me.com/kmiyairi/yasou_JP/yasou_jp.html [21652/21652] -> "data/k/km/kmi/kmiyairi/web.me.com/files/web.me.com/kmiyairi/yasou_JP/yasou_jp.html" [1]
2012-01-30 14:03:55 URL:http://web.me.com/kmiyairi/yasou_JP/yasou_jp_files/yasou_jp.css [9208/9208] -> "data/k/km/kmi/kmiyairi/web.me.com/files/web.me.com/kmiyairi/yasou_JP/yasou_jp_files/yasou_jp.css" [1]
2012-01-30 14:03:55 URL:http://web.me.com/kmiyairi/yasou_JP/Scripts/iWebSite.js [146115/146115] -> "data/k/km/kmi/kmiyairi/web.me.com/files/web.me.com/kmiyairi/yasou_JP/Scripts/iWebSite.js" [1]
2012-01-30 14:03:55 URL:http://web.me.com/kmiyairi/yasou_JP/Scripts/iWebImage.js [39662/39662] -> "data/k/km/kmi/kmiyairi/web.me.com/files/web.me.com/kmiyairi/yasou_JP/Scripts/iWebImage.js" [1]
2012-01-30 14:03:55 URL:http
@nemobis
nemobis / test.log
Created January 22, 2015 18:57
https-everywhere]$ ./test.sh (c5523ad983abf153c22fd5a47acdfdea7708bdde)
https-everywhere]$ ./test.sh
+++ readlink -f ./test.sh
++ dirname /home/federico/mw/https-everywhere/test.sh
+ cd /home/federico/mw/https-everywhere
+ TEST_ADDON_PATH=./https-everywhere-tests/
++ mktemp -d
+ PROFILE_DIRECTORY=/tmp/tmp.tL3sul3IMu
+ trap 'rm -r "$PROFILE_DIRECTORY"' EXIT
+ HTTPSE_INSTALL_DIRECTORY=/tmp/tmp.tL3sul3IMu/extensions/https-everywhere@eff.org
+ ./makexpi.sh