Skip to content

Instantly share code, notes, and snippets.

View 0xssff's full-sized avatar

0xss 0xssff

6 followers · 112 following
View GitHub Profile
@dergachev
dergachev / enlarge-proxmox-root-partition.sh
Last active September 2, 2024 23:28
# Copied from http://ttaportal.org/wp-content/uploads/2012/10/7-Reallocation-using-LVM.pdf
##
## Showing the problem: need to reallocate 32GB from /dev/mapper/pve-data to /dev/mapper/pve-root
##
df -h
# Filesystem Size Used Avail Use% Mounted on
# /dev/mapper/pve-root 37G 37G 0 100% /
# tmpfs 2.0G 0 2.0G 0% /lib/init/rw
@dergachev
dergachev / simple-https-server.py
Created October 17, 2013 17:07
# taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/
# generate server.xml with the following command:
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
# python simple-https-server.py
# then in your browser, visit:
# https://localhost:4443
import BaseHTTPServer, SimpleHTTPServer
import ssl
@dergachev
dergachev / pdf2jpg.sh
Created November 26, 2013 01:51 — forked from yura/pdf2jpg.sh
#!/bin/bash
# Script to convert PDF file to JPG images
#
# Dependencies:
# * pdftk
# * imagemagick
PDF=$1
@dergachev
dergachev / setuid-root-backdoor.md
Last active September 2, 2024 12:08
How to use setuid to install a root backdoor.

Why You Can't Un-Root a Compromised Machine

Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.

While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys, or creating a new user, potentially via running malware, or via a cron job. I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account from the system (including www-data, which you might not even know if compromised).

If the "setuid bit" (or flag, or permission mode) is set for executable, the operating system will run not as the cur

@dergachev
dergachev / ssh-forward-clipboard.md
Last active November 10, 2025 16:10
Forward your clipboard via SSH reverse tunnels

Exposing your clipboard over SSH

I frequently administer remote servers over SSH, and need to copy data to my clipboard. If the text I want to copy all fits on one screen, then I simply select it with my mouse and press CMD-C, which asks relies on m y terminal emulator (xterm2) to throw it to the clipboard.

This isn't practical for larger texts, like when I want to copy the whole contents of a file.

If I had been editing large-file.txt locally, I could easily copy its contents by using the pbcopy command:

@soheilhy
soheilhy / nginxproxy.md
Last active July 5, 2025 15:29
How to proxy web apps using nginx?

Virtual Hosts on nginx (CSC309)

When hosting our web applications, we often have one public IP address (i.e., an IP address visible to the outside world) using which we want to host multiple web apps. For example, one may wants to host three different web apps respectively for example1.com, example2.com, and example1.com/images on the same machine using a single IP address.

How can we do that? Well, the good news is Internet browsers

@revolunet
revolunet / ffmpeg-tips.md
Last active April 16, 2025 04:29
ffmpeg tips

libcaca output from your OSX webcam

ffmpeg -f avfoundation -framerate 30 -s "640x480" -i "0" -c:v rawvideo -pix_fmt rgb24 -f caca -s "640x480" output4.mp4

brew install ffmpeg with options

brew install homebrew-ffmpeg/ffmpeg/ffmpeg --with-libcaca

convert to another format, resize withouth quality loss

ffmpeg -i vitrine.mp4 -vf scale=1024:-1 -q:vscale 0 vitrine.avi

@yang-wei
yang-wei / minimal
Created April 13, 2015 02:07
Minimal vim setting
execute pathogen#infect()
syntax on
filetype plugin indent on
set nocompatible " Be iMproved
set tabstop=2
set expandtab
set softtabstop=2
set shiftwidth=2
set smarttab
@mbaldessari
mbaldessari / ethtool-speed-test.c
Created April 19, 2015 08:08
Get the speed of a network interface via the ethtool interface
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <net/if.h>
#include <ctype.h>
#define ETHTOOL_GSET 0x1
#define SIOCETHTOOL 0x8946
@dwgill
dwgill / mpvctl
Last active October 2, 2024 22:34
A small script for controlling mpv via the JSON IPC. Intended to resemble playerctl.
#!/usr/bin/env bash
# This script requires:
# - that the directory $HOME/.mpv exist
# - that the program socat be installed
# - that you start mpv with the unix socket feature pointing at that directory
# I recommend an alias in your .bashrc or equivalent file:
# alias mpv="mpv --input-unix-socket=$HOME/.mpv/socket"
socket="$HOME/.mpv/socket"