Seio Inoue sei0o

  • The University of Tokyo (eeic2023)
  • Tokyo, Japan (UTC+9)
@ftpmorph
ftpmorph / Details and config tips.txt
Last active April 22, 2024 19:47
Amazon AWS S3 IAM permissions required for Mastodon
When setting up a Mastodon instance I had a very hard time working out the required S3 permissions.
Wasted a day on it. None of the tutorials or even the official documentation gave me this information.
In the end I gave up and just gave it blanket access to all permissions for the Mastodon bucket (S3Administrator).
But this didn't sit well with me - I don't like granting unnecessary permissions, especially not when S3 has about 100 of them.
If the server were to become compromised or the keys were to otherwise fall into the wrong hands I'd want a potentially malicious actor to have as limited permissions as possible.
Anyway I finally worked out the permissions required for Mastodon to function with an S3 bucket as its media storage.
See below for the IAM policy.
@putraxor
putraxor / infinite_scroll.dart
Created March 22, 2018 14:27
Flutter infinite scrolling
import 'dart:async';
import 'package:flutter/material.dart';
class InfiniteScroll extends StatefulWidget {
@override
_InfiniteScrollState createState() => new _InfiniteScrollState();
}
class _InfiniteScrollState extends State<InfiniteScroll> {
@itszn
itszn / exploit.html
Last active April 9, 2021 18:31
34c3ctf V9 Exploit
<script>
function gc() { for (let i = 0; i < 0x10; i++) { new ArrayBuffer(0x1000000); } }
var sc = [];
for (var i=0; i<0x480; i++) {
sc.push(0x90);
}
//sc.push(0xcc);
//sc.push(0xeb);
//sc.push(0xfe);
@Dih5
Dih5 / compile.sh
Created December 5, 2017 15:01
Compile with lualatex + biber
#!/bin/bash
OUTDIR=/tmp/ramdisk
FILENAME=foobar
OPTIONS="--synctex=1 -interaction=nonstopmode"
mkdir -p $OUTDIR
lualatex $OPTIONS --output-directory=$OUTDIR $FILENAME.tex
@AkashiSN
AkashiSN / ctf_tools.sh
Last active June 25, 2024 03:26
CTF tool installation script.
#!/bin/bash
# Advance preparation
echo "source $HOME/.ctf_tool" >> $HOME/.zshrc
# Support 32-bit elf.
sudo apt install -y lib32z1
# Install other tools.
sudo apt install -y gdb binutils build-essential strace ltrace\
@okapies
okapies / mastodon-client.md
Last active October 3, 2023 10:18
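How to call the Mastodon API

To call the Mastodon API, you need to follow these steps:

  1. Register an OAuth2 client
  2. Obtain an access token
  3. Access the API with the access token set in the Authorization header

OAuth2 client registration

Send the registration information to Mastodon's Apps API to have a client issued (you only need to do this once).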

@jtallant
jtallant / setting-up-sinatra-with-active-record.md
Last active March 25, 2024 13:26
Setting up Sinatra with Active Record

Setting up Sinatra Project

Create an empty project and add a Gemfile

cd ~/Desktop
mkdir project-name
cd project-name
touch Gemfile
@acamino
acamino / README.md
Last active July 5, 2024 02:27
Shortcuts to Improve Your Bash & Zsh Productivity

Shortcut — Action

  • CTRL + A — Move to the beginning of the line
  • CTRL + E — Move to the end of the line
  • CTRL + [left arrow] — Move one word backward (on some systems this is ALT + B)
  • CTRL + [right arrow] — Move one word forward (on some systems this is ALT + F)
  • CTRL + U — (bash) Clear the characters on the line before the current cursor position
  • CTRL + U — (zsh) If you're using the zsh, this will clear the entire line
  • CTRL + K — Clear the characters on the line after the current cursor position
  • ESC + [backspace] — Delete the word in front of the cursor

Your First Format String Attacks.

1. What's the `Format String Bugs'?

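 Format String Bugs (hereafter FSB) is a bug in which the user can freely place format strings (hereafter, format specifiers) in functions that handle them, such as the printf family (sprintf(), fprintf(), etc.) and syslog(). Attack techniques that exploit this are called Format String Attacks, and they make it possible to read and write arbitrary memory accessible to the target process. It is also possible to use this to hijack the program's control flow.
 It is by no means a vulnerability that is common in real-world programs, but it is occasionally found. In CVE-2012-0809[1], an FSB was found in sudo's debug functionality, and a local exploit was actually published. As noted above it is rare, but because it is very powerful, for example allowing arbitrary memory to be overwritten, it is often used as a subject in CTFs.
 For this article, the following environment was used to verify FSB.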

sh-4.3$ uname -a
Linux Arch_Laptop 4.0.4-1-ARCH #1 SMP PREEMPT Mon May 18 06:43:19 CEST 2015 x86_64 GNU/Linux
@shoya140
shoya140 / gist:db4e3a1e7860eec4407d
Last active August 29, 2015 14:20
SIFlatButton
//
// SIFlatButton.swift
// TwitterClone
//
// Created by Shoya Ishimaru on 2015/05/08.
// Copyright (c) 2015 shoya140. All rights reserved.
//
import UIKit