I hereby claim:
- I am dayn1ne on github.
- I am dayn1ne (https://keybase.io/dayn1ne) on keybase.
- I have a public key ASDbKB3LRWw0Nc9YqENA51E9XpYZ-zFhuOkB848RJZNq6Ao
To claim this, I am signing this object:
dayn1ne dayn1ne
dayn1ne
/ keybase.md
Created
July 18, 2019 16:39
dayn1ne
/ mutt_notes.markdown
Created
December 18, 2015 18:49
— forked from markjlorenz/mutt_notes.markdown
Notes on getting Mutt running on OSX
brew install mutt- setup an app password for mutt in gmail
- setup an app password for imap_notifier in gmail
brew install terminal-notifierterminal-notifiergem install imap_notifierimap_notifierbrew install urlviewbrew install w3m(linkswould be OK too)- Install pandoc to author in markdown and send as HTML
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| There was an XSD challenge, which nobody, as far as I know, solved in an intended way. We weren't quite sure that this was xsd, and found SQLi first. | |
| The vulnerable interface was parsing XML from POST requests to /tickets.php and its id parameter was vulnerable to sqli. We quickly understood that the WAF enforced the parameter length to be exactly 35 chars long, which was a nuisance. Fortunately, we found that changing host to foo.waf-bypass.com (from the intended choo-choo.waf-bypass.com) removed that restriction. All that was left was to bypass the syntax anomaly detection, which was quite easy. The final vector is as follows (db was postgres, so this uses a relatively new error-based box() vector with xml functions to quickly get all database): | |
| POST /tickets.php HTTP/1.1 | |
| Host: hui.phdays.com | |
| Content-Type: text/xml | |
| X-Requested-With: XMLHttpRequest | |
| Referer: http://choo-choo.phdays.com/index.php?search=%27%22%3E | |
| Content-Length: 174 | |
| Cookie: WAFBYPASS=5727e690-39f4-44f1-a271-c6edfc1b4336 | |
| Connection: keep-alive |
dayn1ne
/ readme.txt
Created
May 25, 2012 15:20
— forked from natyusha/readme.txt
foo_ncmpcpp_mod readme
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| most recent readme: https://gist.github.com/2000446 | |
| //This skin really isn't completely ready for a release. | |
| //It is tailored towards my way of tagging files and is made for last.fm users. | |
| To install unpack and move folder contents into foobar2000 installation directory. | |
| Also, be sure to delete user_profiles_enabled from said directory. | |
| Open foobar2000 goto 'Preferences>Display/Columns UI/Main' | |
| Click import and import 'foo_ncmpcpp_mod.fcl' from the 'skins/masood_' folder. | |
| Make sure to install the included fonts. |