@stefanocoding
stefanocoding / macos_on_ubuntu.md
Last active August 17, 2024 21:04
Install macOS in a VirtualBox machine on Ubuntu

Important: I'm writing this when the latest version of macOS (and the one I have installed) is Mojave. There is already a script which installs Mojave in a virtual machine here https://github.com/img2tab/okiomov. But if you are curious how to do everything manually to install High Sierra, then this guide may be useful.

After reading a few articles I ended up with these steps:

  1. On macOS, download the High Sierra installer (even if you have Mojave installed): https://itunes.apple.com/us/app/macos-high-sierra/id1246284741?ls=1&mt=12
  2. If the High Sierra Installer starts, quit it.
  3. Open "Disk Utility".
  4. Click on "File" > "New Image" > "Blank image...". Or just press cmd+N.
@stefanocoding
stefanocoding / activate_intel_gpu_on_macbookpro.md
Last active July 24, 2024 19:50
Activate integrated Intel GPU of a MacBook Pro Mid 2014 (MacBookPro11,3) on Ubuntu 18.04

This may work with other MacBook Pro models that have an Intel GPU and an NVidia one, but I only have proof that this works on a MacBook Pro Mid 2014 (MacBookPro11,3) with Ubuntu 18.04. If you want to be sure about which model you have, run `sudo dmidecode -t system` in the Terminal and you will see the information about the system including the serial number and product name (MacBookPro11,3 in my case). I'm assuming you have installed the NVidia proprietary drivers, which can be installed from the application "Software & Updates" in the tab "Additional Drivers".

Steps to use the Intel GPU:

  1. Run `lspci | grep VGA` and check that only one line mentioning "NVIDIA" is printed. This is to be sure that you are required to do the following steps. If two lines appear, and one of those mentions "Intel", then you probably do not need to activate the GPU but only select it as the main GPU (jump to the step where you have to "Open nvidia-settings").
  2. Download apple_set_os.efi from https://github.com/0xbb/apple_se

You do not need to run 80 reconnaissance tools to get access to user accounts

An open redirect was almost everything I needed in two different bug bounty programs to get access to user accounts. In one of the cases a JWT was leaked, and in the other the CSRF token was leaked. The issue was mostly the same in both cases: not validating, or URI encoding, user input on the client side, and sending sensitive information to my server using an open redirect.

CSRF token bug

  1. There is an open redirect on https://example.com/redirect?url=https://myserver.com/attack.php
  2. User loads https://example.com/?code=VALUE
  3. JavaScript code in https://example.com/ makes a GET request to https://example.com/verify/VALUE with a header `x-csrf-token` set to the CSRF token for the session of the user
    GET /verify/VALUE HTTP/1.1
    Host: example.com
    
@stefanocoding
stefanocoding / window.name.md
Created October 5, 2018 17:19
When `window.name` is evaluated #xss

The following is not a bug in the web browsers (it's supposed to work this way) but it is useful in some cases like the one described.

In one of the JavaScript files loaded by an endpoint of a private program, they were taking the value of `window.name` and passing it to something like `eval([here])` or `setTimeout([here], [some_milliseconds])`, I don't remember correctly... The thing is that the value of `window.name` was being evaluated as JavaScript code, so `window.name = 'alert()'` showed an `alert()`. To use this behavior for an attack, you have two options:

  1. If the endpoint is frameable from any domain, you can create an `<iframe name='[javascript_code_here]' src='[vulnerable_endpoint]'></iframe>`
  2. If it's not frameable, you can set `window.name = '[javascript_code_here]'` in your own domain and then redirect to the vulnerable endpoint

The one I used was the second option. 💰
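
A defensive counterpart to the pattern described above, as an added example that is not part of the original gist: `window.name` is handled as untrusted data, parsed as JSON and matched against a fixed set of actions instead of being passed to `eval()` or `setTimeout()`. The names `handleWindowName` and `ALLOWED_ACTIONS`, the action names and the stub window object are hypothetical.

```javascript
// Added example; handleWindowName, ALLOWED_ACTIONS and the action names are hypothetical.
// Vulnerable shape described in the gist (the string is compiled and run as code):
//   setTimeout(window.name, 100);

// Fixed set of behaviours the page is willing to trigger. A Map is used so that
// inherited keys such as "constructor" never resolve to a handler.
const ALLOWED_ACTIONS = new Map([
  ['openHelp', (state) => { state.panel = 'help'; }],
  ['openCart', (state) => { state.panel = 'cart'; }],
]);

// window.name can be set by another origin (iframe name attribute, or before a
// redirect), so it is parsed as data and never evaluated.
function handleWindowName(win, state) {
  const raw = typeof win.name === 'string' ? win.name : '';
  win.name = ''; // do not carry the value into later documents in this tab
  if (raw.length === 0 || raw.length > 256) {
    return { ok: false, reason: 'empty-or-oversized' };
  }
  let msg;
  try {
    msg = JSON.parse(raw); // data only; nothing is executed
  } catch (err) {
    return { ok: false, reason: 'not-json' };
  }
  if (msg === null || typeof msg !== 'object' || typeof msg.action !== 'string') {
    return { ok: false, reason: 'bad-shape' };
  }
  const handler = ALLOWED_ACTIONS.get(msg.action);
  if (!handler) {
    return { ok: false, reason: 'unknown-action' };
  }
  handler(state);
  return { ok: true, action: msg.action };
}

// Constructed inputs: a stub object stands in for window so this runs under Node.
function demo() {
  const state = { panel: 'home' };
  const results = ['alert()', '{"action":"constructor"}', '{"action":"openHelp"}']
    .map((name) => handleWindowName({ name }, state).reason || 'ok');
  return { results, panel: state.panel };
}
```

A Content-Security-Policy without `'unsafe-eval'` additionally blocks `eval()` and string arguments to `setTimeout()` if such a call slips back into the code.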

@stefanocoding
stefanocoding / draw_curve.py
Created October 5, 2017 12:50
Plot curve using OpenCV instead of Matplotlib's plot().
```python
import cv2
import matplotlib.pyplot
import numpy

# If you have something like this
matplotlib.pyplot.plot(x_values, y_values, color='yellow')
# You can do the same on OpenCV like this (OpenCV colors are BGR, so (0, 255, 255) is yellow)
curve = numpy.column_stack((x_values.astype(numpy.int32), y_values.astype(numpy.int32)))
cv2.polylines(image, [curve], False, (0, 255, 255))
# And if you need to plot more curves just add them as an element to the array of polygonal curves
curve1 = numpy.column_stack((x1.astype(numpy.int32), y1.astype(numpy.int32)))
curve2 = numpy.column_stack((x2.astype(numpy.int32), y2.astype(numpy.int32)))
cv2.polylines(image, [curve1, curve2], False, (0, 255, 255))
```
@stefanocoding
stefanocoding / huawei_e397b.md
Created February 24, 2018 03:43
Make modem Huawei E397B work on Mac OS X
  1. Install the Connection Manager that is launched when you connect the modem to the Mac
  2. Download the source of usb_modeswitch from here http://www.draisberghof.de/usb_modeswitch/ (at the moment of writing this the file appears with the name usb-modeswitch-2.5.2.tar.bz2)
  3. Run `make` in the directory of the source you downloaded
  4. Run `sudo ./usb_modeswitch -v12d1 -p1505 -X` in the same directory

If the last step returns an error (I don't remember the error now, but I was getting an error related to usb_modeswitch not being able to take control of the modem to perform changes):

  1. Unplug the modem and plug it again
  2. As soon as you plug the modem again, run `sudo ./usb_modeswitch -v12d1 -p1505 -X` repeatedly until you get a successful result
  3. Open Connection Manager and your modem is going to be detected
@stefanocoding
stefanocoding / ManyToManyInput.md
Last active May 20, 2021 11:02
Using a TextInput for a ManyToManyField on Django 3. Compatible with CreateView.

I needed to use a `TextInput` in a `CreateView` for a `ManyToManyField` and I couldn't find a simple good solution. After looking through the Django source code I noticed that `value_from_datadict()` is used for `ManyToManyField` inputs.

In the `forms.py` file you need something like:

```python
from django.forms import ModelForm, TextInput
from .models import Product

class ManyToManyInput(TextInput):
    def value_from_datadict(self, data, files, name):
        # Raw text submitted for this field
        value = data.get(name)
```

```python
# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
# generate server.pem with the following command:
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
# python simple-https-server.py
# then in your browser, visit:
# https://localhost:443
from http.server import HTTPServer, BaseHTTPRequestHandler
import ssl
```

Solution to copy & paste on the Terminal

flatpak override --user --env=PROTON_NO_ESYNC=1 com.valvesoftware.Steam

Explanation

I tried to play World of Warships on Clear Linux using the flatpak of Steam, but the game never started. So, I ran `flatpak run com.valvesoftware.Steam` on the Terminal to see if there was any useful information. The error that caught my attention was `eventfd: Too many open files`. I did a Google search and found some mention about setting `PROTON_NO_ESYNC=1` as an environment variable. So, I ran `flatpak override --user --env=PROTON_NO_ESYNC=1 com.valvesoftware.Steam` on the Terminal, to set the environment variable `PROTON_NO_ESYNC=1` for `com.valvesoftware.Steam`. I tried again and it worked.

If you need/want to generate an AppImage for Bitwig on a non-Debian Linux:

  1. Download or clone https://github.com/AppImage/pkg2appimage
  2. If you don't have Docker installed, install it
  3. Start Docker
  4. Run `./pkg2appimage-with-docker recipes/Bitwig-Studio.yml` (for some reason AppImage already has a recipe for Bitwig)
  5. If it fails, and asks you to set the environment variable `ARCH`: add the line `ENV ARCH=x86_64` (or your architecture) to `./Dockerfile`, below `DOCKER_BUILD=1`

Just in case it's not clear: you have to follow the steps on a terminal, at least step 4.