@nikcub
nikcub / satoshi.txt
Last active Aug 29, 2015
Newsweek Satoshi Story
View satoshi.txt
Satoshi Nakamoto stands at the end of his sunbaked driveway looking timorous. And annoyed.
He's wearing a rumpled T-shirt, old blue jeans and white gym socks, without shoes, like he has left the house in a hurry. His hair is unkempt, and he has the thousand-mile stare of someone who has gone weeks without sleep.
He stands not with defiance, but with the slackness of a person who has waged battle for a long time and now faces a grave loss.
Two police officers from the Temple City, Calif., sheriff's department flank him, looking puzzled. "So, what is it you want to ask this man about?" one of them asks me. "He thinks if he talks to you he's going to get into trouble."
"I don't think he's in any trouble," I say. "I would like to ask him about Bitcoin. This man is Satoshi Nakamoto."
@nikcub
nikcub / torrc
Last active Aug 29, 2015
Tor Relay & Bridge Config
View torrc
#
# tor relay / bridge config
#
# apt-get install tor
#
# yum install tor (after adding EPEL or similar as a repo)
#
# dump this config file into the default tor config file location (/etc/tor/torrc)
#
# see also: https://www.torproject.org/docs/installguide.html.en
@nikcub
nikcub / composer.json
Created May 28, 2014
composer example
View composer.json
{
"name": "webwall/site",
"require": {
"php": ">=5.3.3",
"silex/silex": "~1.1",
"twig/twig": "1.*",
"symfony/twig-bridge": "*",
"monolog/monolog": "*",
"symfony/monolog-bridge": "*",
"symfony/security": "*",
@nikcub
nikcub / disqus-xss.html
Created Aug 13, 2014
Disqus for Wordpress v2.7.5 XSS Exploit
View disqus-xss.html
<!--
Exploit for Disqus for Wordpress admin stored CSRF+XSS up to v2.7.5
Blog post explainer: https://www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin/
12th August 2014
Nik Cubrilovic - www.nikcub.com
Most of these params are unfiltered/injectable. Not framable on newer Wordpress.
View test.php
$ids = array_map('trim', $_POST['ids']);
$ids = array_map('intval', $ids);
$ids = implode(',', array_values($ids));
$db->query("SELECT * from table where id IN(" . $ids . ")");
@nikcub
nikcub / tor-upgrade.md
Last active Aug 29, 2015
Tor HTTP to Onion Upgrade Protocol Draft Proposal
View tor-upgrade.md

Tor HTTP Upgrade Protocol Draft Proposal

Version 0.1

6th December 2014

This is very much a draft - there are many security, privacy and performance considerations

1. Background

View keybase.md

Keybase proof

I hereby claim:

  • I am nikcub on github.
  • I am nikcub (https://keybase.io/nikcub) on keybase.
  • I have a public key whose fingerprint is E207 612C E504 10EF B789 6E34 2E4C E6CA 3D38 5CC5

To claim this, I am signing this object:

@nikcub
nikcub / mails.sh
Created Sep 12, 2011
send email with mail.app via terminal
View mails.sh
#!/bin/sh
/usr/bin/osascript > /dev/null <<ASCPT
set stdinText to "$(cat | sed -e 's/\\/\\\\/g' -e 's/\"/\\\"/g')"
set recipientName to "John Doe"
set recipientAddress to "nobody@nowhere.com"
set theSubject to "Email from standard input"
set theContent to "This email was created and sent using AppleScript!"
tell application "Mail"
@nikcub
nikcub / mails.sh
Created Sep 12, 2011
Send email with Mail.app from command line script
View mails.sh
#!/bin/sh
/usr/bin/osascript > /dev/null <<ASCPT
set stdinText to "$(cat | sed -e 's/\\/\\\\/g' -e 's/\"/\\\"/g')"
set recName to "Nik Cubrilovic"
set recAddr to "nikcub@gmail.com"
set theSubject to "Email from standard input"
tell application "Mail"
@nikcub
nikcub / admin.less
Created Nov 11, 2011
example bootstrap file
View admin.less
// to build:
// lessc <filename> > site.css
// lessc <filename> > site.min.css --compress
// the swatch
@color1: #55626b;
@color2: #6c9380;
@color3: #c1ca55;
@color4: #f07d6b;
@color5: #ad5472;